Since the first international treaty on data privacy and protection formed in 1981, we have achieved a lot in this area. Unfortunately, the passwords that protect our digital lives and serve as keys to our data remain weak. You can say that in more than four decades, we have only progressed one step – from “12345” to “123456”.
Cybersecurity experts are urging people to review both the information they entrust to companies and institutions, as well as their passwords.
“As a society, we need to improve our cyber hygiene. Passwords are the first line of defense for our sensitive information, but ironically, they also remain our most overlooked weakness in the digital world. NordPass’s 7-year-old Top 200 Most Common Passwords study has revealed the same disheartening truth about our online habits. Millions of people can still easily use very simple passwords,” Cybersecurity Product Manager Karolis Arbaciauskas says ‘123456’ or ‘password’ NordPass.
The keys to the digital treasure
This stubborn refusal to adopt better practices means that passwords, a key element of our digital defense systems and the key to our confidential information, continue to be the weakest link in our security chain, he said.
It presents as an illustration Top 200 Most Common Passwords 2025 study. For example, “admin” ranked second on the global list of most popular passwords and topped many national lists in the Americas and Europe, including the US, Canada, UK, Australia, Germany, Italy, France, Spain, Portugal, and Brazil.
Passwords like “admin” are often the factory default passwords on new devices like computers, routers, and security cameras. Statistics like these show that people don’t bother to change them often. This is a critical flaw because hackers know it. A password isn’t just a random string of letters and numbers—it’s the master key to the passwords that protect everything that goes into our digital bank accounts and social media accounts. Media profiles and even our smart home devices, without strong, unique passwords, all other privacy settings and security measures are largely useless because an attacker can simply walk in and take our data.
Trust betrayed
Arbaciauskas adds that businesses and government agencies also need to pay more attention to data protection, because when companies or institutions are breached, customer data is often leaked as well.
“Our online activities create a treasure trove of data—from our interests, behaviors, physical and mental health data, to online payment information—that is collected by websites, apps, devices, services, and companies around the world. People often have no control over how every little bit of information about themselves and their families is collected, but they are forced to trust companies and institutions if they want to use their services. Ultimately, users’ trust in them is betrayed,” says Arbaciauskas.
