Are Your Passwords Protecting You or Putting You at Risk?

Protect Your Accounts With Better Passwords

Pop quiz time! Don’t worry – this is a fun (and interesting) quiz.

What do you think is the most common password across people in the U.S.?

A) password
B) 123456
C) admin
D) 12345678

If you guessed “admin,” congratulations—you’re right! And if you guessed “all of the above,” you’re not wrong—these passwords are the top four most-used passwords across the U.S., with the fifth one being “123456789.”

These common passwords aren’t just used in the U.S. though. Globally, they’re all in the top 5 (except that “12345” replaces “password”), with the top choice being “123456.” Learn more about the top passwords and see data broken down by country, generation and trends in an article by NordPass on the Top 200 Most Common Passwords.

While it’s kind of funny and not super surprising, it’s also rather frightening to think about what this means for the millions of people using these passwords. Despite years of warnings, awareness, and increasingly sophisticated cyberattacks, many people still use passwords that can be guessed in seconds, which can lead directly to compromised accounts. In fact, the 2025 Verizon Data Breach Investigations Report stated that stolen usernames and passwords were used to break into systems in about 22% of reported breaches.

Why Do So Many People Use Simple Passwords?

It’s hard to remember multiple passwords, which is one of the biggest reasons why so many people rely on simple passwords. After all, it’s easy to remember numeric sequences and familiar names. Some people may think they won’t be targeted or they’re just too busy to make safeguarding accounts a priority.

With the fast-paced world we live in, full of notifications and competing priorities, convenience often wins. Unfortunately, that convenience or lack of action is exactly what threat actors count on.

Why Common and Reused Passwords Put You at Risk

Malware studies show that the average user reuses about half of their passwords across different services (2025 Verizon Data Breach Investigations Report). When you combine widespread password reuse with the fact that threat actors already know the most common passwords, it creates an easy opportunity for accounts to be compromised.

Here’s how it typically works. Threat actors don’t usually sit at a keyboard guessing passwords one by one. Instead, they use automated tools (scripts or software) that can try thousands or even millions of login attempts very quickly. These tools are designed to try:

  • The most common passwords
  • Passwords from previous data breaches
  • Simple variations of passwords (e.g., “password1,” “Password!,” etc.)

If someone is using one of those common passwords, the threat actor often gets in almost immediately, without needing anything sophisticated. Billions of stolen credentials available from past breaches make it that much easier.

Here’s where things get more concerning. A report from Forbes Advisor revealed that 78% of people use the same password for more than one account (up to 11 or more accounts). The issue is that password reuse creates a domino effect. For example, when a threat actor obtains your password from a breached site, they will try that password on other accounts like email, social media, cloud services and other systems. Even a long, complex password isn’t safe if it’s reused across multiple accounts. Uniqueness is what limits the blast radius. When every account has its own password, a breach is far more likely to stay contained instead of spreading.

This is why common and reused passwords can put you at risk.

How to Make Your Accounts Harder to Compromise

So what can you do to protect yourself? Start by creating strong, unique passwords. Here are a few practical tips:

  1. Use longer passwords (12+ characters).
  2. Mix uppercase and lowercase letters.
  3. Include numbers.
  4. Use symbols (such as *, $, &, etc.).
  5. Make every password unique.
  6. Don’t use common passwords as mentioned in the NordPass article.
  7. Don’t use personal information, such as your name, your children’s names or your pets’ names.
  8. Don’t reuse passwords.

Using a passphrase, which is a longer string of unrelated words that’s easy to remember but difficult to guess, is another approach. An example of a passphrase is “SunsetTravelCoffeeTrain.” Password length and randomness beat clever substitutions every time.
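As an added illustration (not code from this article), here is how a signup form could screen a new password against tips 1, 6 and 7 above, catching the “simple variations” and substitutions that automated tools try. The blocklist, substitution table and function names are constructed for this example; a real check would use a much larger list of common and breached passwords.

```python
import re

# Constructed sample blocklist: only the passwords this article names.
# Assumption: a real check would load a far larger common/breached list.
COMMON = {"admin", "password", "123456", "12345678", "123456789", "12345"}

# Character swaps used as "clever substitutions" (illustrative, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s"})
MIN_LENGTH = 12  # tip 1 in the list above


def base_forms(password):
    """Return the forms an automated guesser would treat as the same password."""
    low = password.lower()
    # Drop a trailing run of digits/symbols: "password1", "Password!" -> "password".
    stripped = re.sub(r"[\d\W_]+$", "", low)
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}


def screen_password(password, personal=()):
    """Return a list of problem codes; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if base_forms(password) & COMMON:
        problems.append("common_or_variant")
    low = password.lower()
    # Tip 7: reject names or other personal terms supplied by the caller.
    if any(term and term.lower() in low for term in personal):
        problems.append("personal_info")
    return problems


if __name__ == "__main__":
    for pw in ["password1", "Password!", "P@ssw0rd2024!", "SunsetTravelCoffeeTrain"]:
        print(pw, "->", screen_password(pw) or "ok")
```

Note that “P@ssw0rd2024!” is long enough and mixes every character type, yet it is still flagged because it reduces to a common password.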

In addition, use a password manager (e.g., 1Password, Bitwarden or NordPass) to manage all your passwords. A password manager can generate strong, unique passwords for each account and store them securely, so you don’t have to remember or write down dozens of passwords.

Finally, use multifactor authentication (MFA) whenever possible. MFA adds an extra layer of protection, even if a password is compromised.

Yes, these tips may take a little bit more time up front, but they can also save you a lot of time, frustration and risk in the long run.

One Small Challenge

We started this article with a pop quiz, and now we’re giving you a challenge: take just one password today, and make it stronger. Your accounts will thank you.

Author

Julie Walker
Communications Specialist
UC Office of the President