A new report suggests younger generations may have weaker passwords than their older counterparts.
And Canadians are among those using some of the most common passwords in their logins rather than more secure options.
NordPass, a password manager for business and consumer clients, released its list of the top 200 passwords for 2025 with the help of independent cybersecurity researchers. The data was collected from public data breaches and dark web repositories from September 2024 to September 2025.
The company says simple passwords are extremely easy to guess, yet many seem to ignore the warnings — including Canadians.
Topping the list of most common passwords in Canada overall was “admin,” followed by “123456,” then “gallant123,” followed by “password,” while “1hateyou” was the fifth most common.
Worldwide, the report finds the overall most common password is “123456,” followed by “admin” and “12345678” in third.
NordPass says what may be the most surprising is the use of common passwords among younger Canadians, who are more likely to have grown up immersed in the online world compared with older generations.
Researchers highlight that number combinations like “12345” are in the top spots across all age groups, and are more likely to be used by Gen Z and millennials, who appear less likely to use names in their passwords.
Get breaking National news
For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.
Meanwhile, older generations are more likely to use names in their passwords and more often in combination with numbers, starting with Generation X and peaking among baby boomers, according to the report.
For example, NordPass says among Gen X, the most popular name used as a password is “Veronica,” while baby boomers most often use “Maria,” and the silent generation’s most common name as a password is “Susana.”
The most commonly used special character in a password was “@,” and the report says it was used in passwords that are seemingly uncomplicated, like “P@ssw0rd,” “Admin@123” or “Abcd@1234.”
Researchers in the report say the vast majority of data breaches are caused by compromised, weak and reused passwords.
Passwords aren’t the only security tool
NordPass says that although education and awareness on how to create stronger passwords that are difficult to predict is key to online security, newer and more secure methods are slowly becoming more common.
This includes the use of passkeys, biometric data and multi-factor authentication.
The Canadian Centre for Cyber Security says the more complex the requirements to guess a password or access an account, the stronger a person’s cybersecurity is likely to be.
For example, the centre recommends that people use a passphrase consisting of four or five words typed out together, a complex password that incorporates uppercase and lowercase characters as well as special characters, and tools like multi-factor authentication.
However, since those are not as widely used, NordPass says strong passwords are still important.
The company adds that individuals should never reuse passwords and should try to have unique ones for each account. Passwords should also be regularly reviewed for what NordPass calls a “health check” to identify weak, old or reused ones.
For those who feel they can’t remember all their different passwords or who feel overwhelmed, the Canadian Centre for Cyber Security says that a credible, carefully selected password manager tool can be a good option.
© 2025 Global News, a division of Corus Entertainment Inc.
Is your password on the ‘most common’ list? You might be surprised
