Researchers from Cybernews analyzed more than 19 billion passwords, finding that insecure password practices persist. According to the research, only 6% of passwords analyzed were unique. The remaining 94% were duplicated or reused. 

“We’re facing a widespread epidemic of weak password reuse,” warns Neringa Macijauskaitė, Information Security Researcher at Cybernews.

The research studied leaked passwords to understand password trends in 2025, noting key trends such as: 

• Default or “lazy” passwords are still common (such as “password”, “admin”, or “123456”). 
• Most individuals use passwords with eight to 10 characters (42%) with eight characters being the most common. 
• 27% of passwords contain only lowercase letters and digits. 

“The prevalence of weak, reused, and simple passwords across platforms significantly increases the risk of cyberattacks,” Macijauskaitė states. “If you reuse passwords across multiple platforms, a breach in one system can compromise the security of other accounts, creating a domino effect. Even without any compromise, hackers can exploit common password patterns.”