“123456” continues to reign supreme as the most widespread password in the world, a negative record that it has held for 6 years now in a ranking that NordPass has drawn up for 7 years with the independent consultancy of NordStellar. The sequence of the first 6 digits was also the most used in Italy last year, ousted in 2025 by “admin”.
The data we are about to show you, the result of an in-depth analysis conducted on public breaches and Dark Web archives between September 2024 and September 2025, reveal that convenience still wins, by far, over prudence. And don’t think that this is a problem linked to age or to an alleged digital inexperience of older users: the survey highlighted how, from Baby Boomers to Gen Z, passing through Millennials, the uniformity in the choice of weak credentials is almost total.
If basic numerical sequences dominate on a global level, in Italy some cultural and even footballing peculiarities stand out, but the substance does not change: the doors of internet users’ digital lives are often left ajar. In this in-depth analysis, in addition to revealing the top 10 of the least secure passwords used in Italy and in the world, we will provide you with some useful tips to make your online accounts more robust from an IT security point of view.
Italy vs. rest of the world: the top 10 ranking
Below we report the ranking of the most compromised passwords, comparing the habits of us Italians with those of users from the rest of the world. In brackets you will also find the number of times the string was detected in the breached databases.
Top 10 Italy
- admin (used 340,576 times)
- password (used 109,533 times)
- 123456 (used 95,899 times)
- Password (used 79,167 times)
- 12345678 (used 53,030 times)
- 123456789 (used 33,069 times)
- 12345 (used 22,208 times)
- Naples1926 (used 18,362 times)
- 123star (used 16,927 times)
- perlanera (used 14,969 times)
Global top 10
- 123456 (used 21,627,656 times)
- admin (used 21,030,012 times)
- 12345678 (used 8,274,408 times)
- 123456789 (used 5,673,712 times)
- 12345 (used 3,950,777 times)
- password (used 3,545,119 times)
- Aa123456 (used 2,520,728 times)
- 1234567890 (used 1,418,939 times)
- Pass@123 (used 1,210,039 times)
- admin123 (used 1,087,247 times)
Where do these rankings come from?
To grasp the severity of these numbers it is essential to understand how they were obtained. The investigation was born from the synergy between NordPass, NordStellar and a group of independent cybersecurity researchers. The work consisted of analysing enormous quantities of data from repositories, i.e. digital archives, of the Dark Web (that part of the Internet not indexed by search engines and often used for illicit exchanges) and from public data breaches that occurred in the last year.
One of the most interesting aspects of this year’s research concerns the generational analysis. Thanks to the examination of metadata, including dates of birth, it was possible to associate passwords with different age groups. One might expect digital natives to have better “cyber hygiene” than their grandparents, but the findings have disproved this assumption. The quality of the access keys is uniformly poor: strings such as “123456” and “admin” cut across age groups and are used without distinction by all generations. This shows that, despite the increase in violations and awareness campaigns, users’ approach is not changing: simplicity is constantly preferred to security.
How to protect your online accounts
Apart from what has been said so far, what can you do to protect your digital identity? The first rule is to abandon laziness. Create complex passwords of at least 8 characters that mix numbers, symbols and letters, or rely on a passphrase: a sequence of words (like a meaningful sentence) that is much longer and more difficult for a computer to guess, but easier for you to remember. It is also vital never to “recycle” credentials: if you use the same key for email and social media, one breach will be enough to compromise everything.
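As an added example (not from NordPass or the original article), the Python sketch below screens a candidate password against the top-10 strings listed above, since entries such as “Pass@123” satisfy the 8-character mixed-character rule yet still appear in the global ranking. The look-alike substitution table and the function names are assumptions made for illustration.

```python
import re

# Strings taken from the article's Italian and global top-10 lists.
BREACHED = {
    "admin", "password", "123456", "Password", "12345678", "123456789",
    "12345", "Naples1926", "123star", "perlanera", "Aa123456",
    "1234567890", "Pass@123", "admin123",
}
# Assumed look-alike substitutions (illustrative, not from the article).
LEET = str.maketrans({"@": "a", "0": "o", "3": "e", "$": "s", "1": "i"})

def meets_composition_rule(pw):
    """At least 8 characters mixing letters, numbers and symbols."""
    return (len(pw) >= 8
            and re.search(r"[A-Za-z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

def base_word(pw):
    """Lower-case, drop digits/symbols at both ends, undo look-alikes."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw.lower())
    return core.translate(LEET)

# Word stems of the listed passwords; stems under 4 letters are ignored.
BREACHED_BASES = {b for b in map(base_word, BREACHED) if len(b) >= 4}

def is_digit_run(pw):
    """True for ascending runs such as 1234567."""
    return pw.isdigit() and pw in "1234567890"

def screen(pw):
    """Return why a candidate is rejected, or None if no check fires."""
    if pw in BREACHED:
        return "listed"
    if is_digit_run(pw):
        return "digit run"
    if base_word(pw) in BREACHED_BASES:
        return "variant of listed"
    if len(pw) < 8:
        return "too short"
    return None

if __name__ == "__main__":
    # Constructed sample candidates.
    for pw in ["Pass@123", "P@ssw0rd!", "Admin2025!", "1234567",
               "correct horse battery staple"]:
        print(f"{pw!r}: rule={meets_composition_rule(pw)} -> {screen(pw)}")
```

A `None` result only means the candidate is not on, or derived from, the short list in this article; a real deployment would check against a much larger breached-password corpus.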
An essential tool that you should activate wherever possible is multi-factor authentication. This is the system that, after the password, asks you for a second code (via SMS, authentication app or email) to verify that it is really you. To manage the complexity of having different keys for each site, the advice is to use a password manager, a “safe” software that generates and remembers credentials for you. And, since the future is represented by passkeys, we suggest you activate them whenever a particular service makes it possible. Passkeys, in fact, aim to eliminate passwords entirely, replacing them with cryptographic systems linked to your devices or biometric data, thus making access not only simpler, but drastically safer against credential theft.
