The 25 Most Vulnerable Passwords of 2026

  ICT, Rassegna Stampa, Security
image_pdfimage_print

Recent research reveals the most vulnerable passwords of 2026 — additionally, the research determined the most commonly hacked categories of passwords.

This research was conducted by Plasma. The methodology involved assessing Comparitech’s Most Common Password report and NordPass’s Top 200 Most Common Passwords list, then leveraging KeywordTool to determine search volumes to find the 25 most common passwords based on global popularity. According to the research, higher search volumes could suggest higher public interest, which could lead to higher password usage. Therefore, this places those passwords at a greater risk of being hacked. 

The Most Vulnerable Password of 2026: “password” 

With a search volume of 10,304,600 in the past year, “password” is the most insecure password of 2026. This finding corroborates recent reports that password convenience is favored over password security in many instances. 

Top 25 Most Vulnerable Passwords of 2026 

  1. password
  2. admin
  3. qwerty
  4. 111111
  5. 12345678910
  6. minecraft
  7. 1111
  8. 654321
  9. 12345
  10. 123456
  11. admin123
  12. 123
  13. Pass@123
  14. 1234567
  15. 1234567890
  16. Aa123456
  17. 123456789
  18. 112233
  19. 12345678
  20. qwerty123
  21. admintelecom
  22. 123123
  23. P@ssw0rd
  24. abcd1234
  25. 102030

The research additionally assessed the most insecure password categories, finding the most vulnerable to be ascending/descending letters or numbers. 

10 Most Vulnerable Password Categories of 2026 

  1. Ascending/Descending
  2. Patterned 
  3. Alphanumeric combinations
  4. Typing patterns 
  5. Repeated digits
  6. Capitalization
  7. Common words 
  8. “Password” variants 
  9. Admin
  10. Names

A spokesperson from Plasma told Security magazine, “Our research indicates that a significant number of users continue to believe that combining letters, symbols, and numbers is sufficient to secure their accounts in 2026. While a password may appear robust, attackers can rapidly exploit predictable patterns such as sequential numbers, repeated characters, or common keyboard layouts through brute force methods. A strong password should function as an access point, designed to resist systematic attack rather than prioritise memorability. Combined with multifactor authentication, this approach materially reduces the risk of unauthorised access.”

https://www.securitymagazine.com/articles/102132-the-25-most-vulnerable-passwords-of-2026