- Businesses still have not stopped using easily crackable passwords
- Germany, USA and China suffer the most violations
- 123456, password and QWERTY are still used in 2025
Many companies still use weak passwords that can be broken in less than a second in the case of a brute force attack to secure their accounts, new research from one of the best password managers, Nordpass, has found.
Passwords such as ‘123456’, ‘secret’ and even ‘password’ are used by thousands of businesses around the world, resulting in easy picking for hackers.
The research also found that Germany was the top of the world for password violations, with 582,067 events, closely followed by the United States with 502,435 and China of 448,375.
The password is ‘password’
Nordpass’ research used a 2.5 terabyte database prepared from several publicly available data sets, including some from the Dark Web that covered 11 industries.
For Enterprise, the most common password in the database ‘123456789’ was with 378,182 uses, followed by it much easier to remember ‘123456’ with 356,341 uses, and just to round it all out ‘12345678’ comes in third with 145,688 use.
Small and medium -sized businesses are not doing much better, with ‘123456’, which topped the list for both with a total of 852,861 across both business sizes. Other classic passwords such as ‘Qwerty123’, ‘ABC123’ and ‘Iloveyou’ also appear on the list and take less than a second to crack.
Interestingly, the 28th most widely used password in Nordpass’ Dataset ‘Timelord12’, which may have suggested that an IT worker with a love for Peter Capaldi’s work as the twelfth doctor in Doctor, who was responsible for creating over 30,447 accounts that were later postponed.
Nordpass also found that many users who did not use the most common passwords would often use their own E -mail address as their password, which made it pretty easy for an attacker to crack their accounts. Names were also a regular recording in the database, which suggested that employees were using their own names as a password.
If you have seen your password somewhere in this article or in Nordpass’ research, it may be time to change it to something more secure so that you are not responsible for a break.
To better protect business accounts, companies should introduce password creation rules that make it more difficult to use simple passwords that can be easily broken. Nordpass also offers a business password administrator to help companies generate and store passwords securely.
Companies should also implement two-factor approval when logging in to accounts to help verify that the person gaining access to the account is a legitimate user, and not a villain with stolen credentials. Companies can also switch to the use of bags that use secure approval to log in without the need to remember complex passwords.
