Since the first international treaty on data privacy and protection formed in 1981, we have achieved a lot in this area. Unfortunately, the passwords that protect our digital lives and serve as keys to our data have remained weak. You might say that in over four decades we have moved forward just one step — from “12345” to “123456.”
Cybersecurity professionals are urging people to review both the data they’re entrusting to companies and institutions as well as their passwords.
“We as a society must improve our cyber hygiene. Passwords are the first line of defense for our sensitive data, but ironically, they also remain our most overlooked weakness in the digital world. For seven years running, NordPass’ Top 200 Most Common Passwords study has shown the same disheartening truth about our online habits. Millions of people still use ridiculously simple, easily guessable passwords like ‘admin,’ ‘123456,’ or ‘password,’ says Karolis Arbaciauskas, head of product at cybersecurity company NordPass.
Keys to the digital treasure
According to him, this stubborn refusal to adopt better practices means that passwords, which should be a major element in our digital defenses and the primary keys to our confidential data, continuously act as the weakest link in our security chain.
As an illustration, he presents the Top 200 Most Common Passwords 2025 research. For example, “admin” took second place in the global list of most popular passwords and tops many national lists in the Americas and Europe, including the USA, Canada, the United Kingdom, Australia, Germany, Italy, France, Spain, Portugal, and Brazil.
“Passwords like ‘admin’ are often factory default passwords on new devices such as computers, routers, and security cameras. Statistics like this show that people often don’t bother changing them. That’s a critical flaw because hackers know it. A password isn’t just a random string of letters and numbers – it’s the master key to our digital accounts. Passwords protect everything from our bank accounts and personal messages to health records, social media profiles, and even our smart home devices. Without strong, unique passwords, all other privacy settings and security measures become largely useless because an attacker can simply walk right in and take our data. In that case, a criminal taking out a loan in our name may not even be the worst thing that could happen,” says Arbaciauskas.
The trust betrayed
Arbaciauskas adds that businesses and public institutions should also pay more attention to data protection because when companies or institutions are breached, customer data is often leaked as well.
“Our online activity creates a real treasure trove of data that ranges from our interests, behaviors, and physical and mental health information to online payment information, and it is collected by websites, apps, devices, services, and companies around the globe. People often cannot control how every little piece of data about them and their family is collected but are forced to trust companies and institutions if they want to use their services. Unfortunately some of those entities get hacked eventually, and the trust users have in them is betrayed,” says Arbaciauskas.
