Security researchers at CyberNews analyzed 19 billion passwords leaked online in 2024 and 2025 and found that only 6% of them are unique, while the remaining 94% are a disaster that fails to meet even the most basic security requirements.
According to TechSpot, 42% of users choose passwords that are 8–10 characters long, and 27% limit themselves to numbers and lowercase letters. If it weren’t for services’ character-count requirements, many would use 3–4 characters. The most predictable choices were “1234” (727 million occurrences), “password” (56 million), and “admin” (53 million). Names, curse words, city names, country names, and animal names were also popular.
The problem is not ignorance of security rules but unwillingness to comply with them, experts say. “It’s easy to create a complex password, but it’s hard to remember, and without special programs, it’s almost impossible to keep dozens of reliable combinations in your head.”
Researchers have found that people rely on patterns that hackers check first when trying to crack a password. For example, a dictionary for guessing passwords invariably includes “qwerty,” “iloveyou,” and “123456.” Such combinations can be cracked in seconds, even without special software.
But there is a solution, of course. You can use password managers, such as Bitwarden or 1Password, and two-factor authentication (2FA). However, few people use them. “People are willing to risk their data just to avoid spending an extra 30 seconds,” CyberNews notes.
It is reported that all analyzed data was anonymized, that is, not tied to a specific login or email. However, the scale of the leaks shows that if a password is simple or reused on several sites, the chance of it being compromised is extremely high.