Most Hackable Passwords
Last Updated: June 6, 2025
Passwords are paramount to making sure that your data stays private and secure. A weak password, however, can lead to a serious data breach: the average data breach in 2024 cost $4.88 million, a 10% increase from 2023. As 2025 unfolds, it is important to ensure that your passwords are not within popular lists and can be trusted to keep your data safe.
Here at KnownHost, we conducted a study to investigate the most used passwords and how likely they are to be hacked based on how many times the password has been seen in recorded data breaches.
Most Hackable Passwords

From the latest 2025 data, the top five most hackable passwords are dominated by simple numeric sequences. ‘123456’ remains the most common password worldwide, appearing in over 3 million user accounts and involved in more than 50 million data breaches.
In second place, ‘123456789’ has been used 1.6 million times and appeared in 20.5 million breaches. In third, ‘1234’ continues to rank highly due to its short length, making it extremely easy to crack, often in less than a second, as with all passwords in the top ten.
The most hackable letter-based password is ‘password’, which ranks sixth and has been found in 692,000 user accounts and 11 million breaches, the third highest in the top 10. ‘Admin’ follows in eighth place, used nearly 250,000 times and involved in almost 5 million breaches.
In tenth position, ‘abc123’ is the only top-10 password combining letters and numbers, used 331,000 times and involved in 4.2 million breaches.
Most Common Password Patterns

Across the 200 passwords analyzed, sequences only contain letters and numbers, either alone or in combination. Notably, none of the most common passwords include special characters.
In 2025, 65.5% of the global top 200 passwords are a combination of letters and numbers, 23.5% use only letters, and 11% use only numbers.

From this, we can see that letter-and-number combinations are the most likely passwords to be used globally, whilst number-only passwords are the most likely to be involved in data breaches.
Most Common Password Lengths

The character length for the global top 200 passwords ranges from 4 to 15 characters, with eight characters being the most common length (20.5% of all passwords ranked). The least common length is four characters, accounting for just 0.5% of all passwords.
Methodology
For this study, the top 200 passwords used worldwide were seeded from NordPass. These were then loaded into PwnedPwnedPwned to check the frequency of these passwords being hacked, with data breach data spanning from 2007 to 2025. From this, the passwords were then standardized using min-max normalisation. The min-max normalisation value is multiplied by 10 to create a score (between 1-10). A score of 10 is always the best result and this was used to find the new ranking for the most hacked passwords across the globe.
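The lookup-and-score procedure described above can be sketched as follows. This is an added example, not KnownHost's own code: it assumes the `SUFFIX:COUNT` range-response format used by the Pwned Passwords service listed under Sources, and the breach counts and the `constructed_range_body` stand-in are constructed so the code runs offline.

```python
import hashlib

def sha1_parts(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Look up a password's count in a 'SUFFIX:COUNT' range response body."""
    _, suffix = sha1_parts(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent: not seen in the breach corpus

def minmax_scores(counts):
    """Min-max normalise counts and multiply by 10 (lowest -> 0, highest -> 10)."""
    lo, hi = min(counts.values()), max(counts.values())
    span = (hi - lo) or 1  # avoid dividing by zero when all counts are equal
    return {pw: round(10 * (c - lo) / span, 2) for pw, c in counts.items()}

# Constructed breach counts, rounded for illustration only.
SAMPLE_COUNTS = {
    "123456": 50_000_000, "123456789": 20_500_000,
    "password": 11_000_000, "admin": 5_000_000, "abc123": 4_200_000,
}

def constructed_range_body(prefix):
    """Offline stand-in for the service's reply to one prefix (constructed data)."""
    lines = ["0" * 35 + ":3"]  # decoy suffix that matches nothing in the sample
    for pw, count in SAMPLE_COUNTS.items():
        p, suffix = sha1_parts(pw)
        if p == prefix:
            lines.append(f"{suffix}:{count}")
    return "\r\n".join(lines)

def lookup(password):
    """Only the 5-character prefix would leave the client; matching is local."""
    prefix, _ = sha1_parts(password)
    return breach_count(password, constructed_range_body(prefix))

if __name__ == "__main__":
    counts = {pw: lookup(pw) for pw in SAMPLE_COUNTS}
    for pw, score in sorted(minmax_scores(counts).items(), key=lambda kv: -kv[1]):
        print(f"{pw:<10} seen {counts[pw]:>10,}  score {score}")
```

The same `breach_count` check can sit in a signup or password-change handler to reject any candidate whose count is above zero, without the plaintext password or its full hash leaving the server.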
2025 Password Trends
- Over 24 billion credentials are exposed each year in data breaches.
- 23% of people reuse a password across three or four different accounts, and 30% of password thefts are due to password reuse.
- The most commonly stolen information in password attacks includes first and last names (39%), phone numbers (38%), and personal addresses (37%).
- Only 15% of users rely on a password manager, while 36% still write passwords down on paper.
- Pop culture passwords like “superman,” “blink182,” and “minecraft” remain common and frequently breached.
How KnownHost Helps Protect Your Passwords
1. Secure Account & Server Access
- Two-Factor Authentication (2FA):
KnownHost supports 2FA for both account management and cPanel/WHM logins. This means that even if a password is compromised, attackers cannot access your hosting account without a second authentication factor.
- SSH Key Authentication:
For VPS, cloud, and dedicated hosting, you can use SSH keys instead of passwords for server access. SSH keys are virtually immune to brute-force and dictionary password attacks.
2. Password Policy Enforcement
- Strong Password Requirements:
KnownHost’s platforms enforce strong password creation for both hosting accounts and control panels, helping prevent the use of common or easily guessed passwords.
- Password Change Tools:
Users can easily update passwords for all services, and KnownHost recommends regular password updates, especially after any suspected breach.
3. Automated Security Tools
- Imunify360 & Patchman:
These security suites automatically detect weak or compromised passwords in web applications (like WordPress), alert you to vulnerabilities, and can block brute-force login attempts.
- Web Application Firewall (WAF):
Blocks automated attacks that try to guess or brute-force user passwords on your website.
4. SSL/TLS Encryption
- Free AutoSSL on All Plans:
All KnownHost hosting plans include free SSL certificates, ensuring that login credentials are encrypted in transit and cannot be easily intercepted by attackers.
5. Expert Support & Guidance
- 24/7/365 Support:
If you have concerns about password security, KnownHost’s expert support team can guide you on best practices, help you reset compromised credentials, and assist in securing your account.
6. Backup and Recovery
- Daily Backups:
In the event of a breach due to a compromised password, KnownHost’s daily backups allow you to quickly restore your website and data to a secure state.
7. User Access Management
- Multiple User Accounts:
For reseller, VPS, and dedicated hosting, you can create separate user accounts for team members, each with unique, strong passwords and customizable permissions, reducing the risk associated with shared credentials.
Why This Matters
By combining strong password policies, two-factor authentication, SSH key support, automated security tools, and expert support, KnownHost dramatically reduces the risk that your website or server will be compromised due to weak or common passwords. This aligns with the latest 2025 password security best practices and helps you maintain a safe, professional online presence.
Sources:
- Global Top 200 Passwords – https://nordpass.com/most-common-passwords-list/
- Number of Data Breaches – https://haveibeenpwned.com/Passwords
- Estimated Time to Crack – https://bitwarden.com/password-strength/