NordPass, together with NordStellar, has released the seventh edition of its annual Top 200 Most Common Passwords research. In addition to identifying the most popular passwords globally and in 44 countries, this year, the research focused on understanding how the passwords used by different generations vary.
Most common passwords in Canada
Below are the top 20 most common passwords in Canada. The full list of global passwords and those from other countries covered by this research is available here.
- admin
- 123456
- gallant123
- password
- 1hateyou
- 12345678
- 123456789
- ZZZzzz111
- 12345
- Password
- stinky124
- Cutie121
- Password1
- pelletier123
- winners1
- wowme234
- 123four56
- 12345678910
- imstupid
- 1234567890
Although cybersecurity experts keep repeating that simple passwords are extremely easy to guess using a dictionary and brute-force attacks, Canadians seem to ignore the warnings. Words, number combinations, and common keyboard patterns dominate Canada’s top 20 list.
This year, “admin” is the most common password in Canada, replacing last year’s top choice, “qwerty123,” while “123456” ranks second. However, different variations of the word “password” take up as many as three spots in Canada’s top 20 most common passwords list. Different numeric combinations take up six spots.
Researchers also point out that sports-related terms (e.g., “hockey”) are being replaced by swear words in some countries. But Canadians are too polite for that. Their top 20 lists for both last year and this year contain no profanities.
Global trends
Globally, “123456” is the most common password, followed by “admin” in second place, and “12345678” in third — another simple numeric sequence. Such weak patterns, ranging from “12345” to “1234567890,” along with common weak passwords like “qwerty123,” dominate top 20 lists across many countries.
Compared to last year, researchers observed a significant increase in the use of special characters in passwords. This year, 32 passwords on the global list include them, a notable rise from just six last year. The most common special character in passwords is “@,” and most of the passwords are unfortunately no more complicated than “P@ssw0rd,” “Admin@123,” or “Abcd@1234.”
The word “password” remains one of the most popular passwords worldwide. It’s used both in English form and in local languages in nearly every country we studied — from Slovak “heslo” and Finnish “salasana” to French “motdepasse” and Spanish “contraseña.”
“Generally speaking, despite all efforts in cybersecurity education and digital awareness over the years, data reveals only minor improvements in password hygiene. The world is slowly moving towards passkeys — a new passwordless authentication method based on biometric data — but in the interim, until passkeys become ubiquitous, strong passwords are very important. Especially since around 80% of data breaches are caused by compromised, weak, and reused passwords, and criminals will intensify their attacks as much as they can until they reach an obstacle they can’t overcome,” says Karolis Arbaciauskas, head of product at NordPass.
The myth of the “digital native”
Research shows that for Digital Natives — those who grew up immersed in the online world — extensive exposure to technology doesn’t automatically translate into a strong understanding of fundamental password security practices or the severe risks associated with poor choices.
“The password habits of 18-year-olds are similar to those of 80-year-olds. Number combinations, such as ‘12345’ and ‘123456,’ are in the top spots across all age groups. The biggest difference is that older generations are more likely to use names in their passwords,” says Arbaciauskas.
Research reveals that Generations Z and Y rarely use names in their passwords, preferring combinations like “1234567890” and “skibidi” instead. The use of names in passwords becomes more prevalent starting with Generation X, peaking among Baby Boomers.
Among Generation X, the most popular name used as a password is “Veronica.” For Baby Boomers, it’s “Maria,” and for the Silent Generation, it’s “Susana.”
The full list is available here.
Password safety tips
According to Arbaciauskas, a few basic rules can greatly improve digital hygiene and help avoid falling victim to cyberattacks due to irresponsible password management:
- Create strong random passwords or passphrases. Passwords should be at least 20 characters long and consist of a random combination of numbers, letters, and special characters.
- Never reuse passwords. The rule of thumb is that each account should have a unique password because if one account gets broken into, hackers can use the same credentials for other accounts.
- Review your passwords. Make sure to regularly check the health of your passwords. Identify any weak, old, or reused ones and upgrade them to new, complex passwords for a safer online experience.
- Use a password manager. It can help you generate, store, review, and safely manage all your passwords, ensuring they’re well protected, difficult to crack, and easily available when you need them.
- Turn on multi-factor authentication (MFA). It adds an extra layer of security. MFA helps keep hackers out even if a password gets breached.
Research methodology
This report is the result of a joint effort between NordPass and NordStellar together with independent researchers specializing in research of cybersecurity incidents. Recent public data breaches and dark web repositories were analyzed for passwords exposed from September 2024 to September 2025, with statistically aggregated data extracted. No personal data was acquired or purchased for this research.
Related
This entry was posted on November 18, 2025 at 9:46 am and is filed under Commentary with tags Nordpass. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Guest Post: The “qwerty123” is out: “admin” is Canada’s top password in 2025
NordPass, together with NordStellar, has released the seventh edition of its annual Top 200 Most Common Passwords research. In addition to identifying the most popular passwords globally and in 44 countries, this year, the research focused on understanding how the passwords used by different generations vary.
Most common passwords in Canada
Below are the top 20 most common passwords in Canada. The full list of global passwords and those from other countries covered by this research is available here.
Although cybersecurity experts keep repeating that simple passwords are extremely easy to guess using a dictionary and brute-force attacks, Canadians seem to ignore the warnings. Words, number combinations, and common keyboard patterns dominate Canada’s top 20 list.
This year, “admin” is the most common password in Canada, replacing last year’s top choice, “qwerty123,” while “123456” ranks second. However, different variations of the word “password” take up as many as three spots in Canada’s top 20 most common passwords list. Different numeric combinations take up six spots.
Researchers also point out that sports-related terms (e.g., “hockey”) are being replaced by swear words in some countries. But Canadians are too polite for that. Their top 20 lists for both last year and this year contain no profanities.
Global trends
Globally, “123456” is the most common password, followed by “admin” in second place, and “12345678” in third — another simple numeric sequence. Such weak patterns, ranging from “12345” to “1234567890,” along with common weak passwords like “qwerty123,” dominate top 20 lists across many countries.
Compared to last year, researchers observed a significant increase in the use of special characters in passwords. This year, 32 passwords on the global list include them, a notable rise from just six last year. The most common special character in passwords is “@,” and most of the passwords are unfortunately no more complicated than “P@ssw0rd,” “Admin@123,” or “Abcd@1234.”
The word “password” remains one of the most popular passwords worldwide. It’s used both in English form and in local languages in nearly every country we studied — from Slovak “heslo” and Finnish “salasana” to French “motdepasse” and Spanish “contraseña.”
“Generally speaking, despite all efforts in cybersecurity education and digital awareness over the years, data reveals only minor improvements in password hygiene. The world is slowly moving towards passkeys — a new passwordless authentication method based on biometric data — but in the interim, until passkeys become ubiquitous, strong passwords are very important. Especially since around 80% of data breaches are caused by compromised, weak, and reused passwords, and criminals will intensify their attacks as much as they can until they reach an obstacle they can’t overcome,” says Karolis Arbaciauskas, head of product at NordPass.
The myth of the “digital native”
Research shows that for Digital Natives — those who grew up immersed in the online world — extensive exposure to technology doesn’t automatically translate into a strong understanding of fundamental password security practices or the severe risks associated with poor choices.
“The password habits of 18-year-olds are similar to those of 80-year-olds. Number combinations, such as ‘12345’ and ‘123456,’ are in the top spots across all age groups. The biggest difference is that older generations are more likely to use names in their passwords,” says Arbaciauskas.
Research reveals that Generations Z and Y rarely use names in their passwords, preferring combinations like “1234567890” and “skibidi” instead. The use of names in passwords becomes more prevalent starting with Generation X, peaking among Baby Boomers.
Among Generation X, the most popular name used as a password is “Veronica.” For Baby Boomers, it’s “Maria,” and for the Silent Generation, it’s “Susana.”
The full list is available here.
Password safety tips
According to Arbaciauskas, a few basic rules can greatly improve digital hygiene and help avoid falling victim to cyberattacks due to irresponsible password management:
Research methodology
This report is the result of a joint effort between NordPass and NordStellar together with independent researchers specializing in research of cybersecurity incidents. Recent public data breaches and dark web repositories were analyzed for passwords exposed from September 2024 to September 2025, with statistically aggregated data extracted. No personal data was acquired or purchased for this research.
Share this:
Like this:
Related
This entry was posted on November 18, 2025 at 9:46 am and is filed under Commentary with tags Nordpass. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.