Hackers Can Crack 70% of Passwords in 1 Second – Data Shows Yours Is Likely in a Breach

Passwords are the final line of protection that keeps our personal and financial data safe from unwanted eyes. We might not think about it, but one weak password can wreak havoc in our lives. And even if we have the strongest of the passwords, all of them are vulnerable to a cyber attack.

Using birthdays, reusing passwords or falling for phishing scams are common culprits of data breaches. And keeping in mind 80% of data breaches are linked to passwords, it’s safe to say we should be more careful to keep our accounts protected. Which leads to the question… How bad is the state of passwords in 2025?

In today’s article we’ll delve deep into the latest password statistics, sharing its most common usage patterns, hacking incidents, breaches and cyber security handicaps.

Subscribe to the Softonic newsletter and get the latest in tech, gaming, entertainment and deals right in your inbox.

Subscribe (it's FREE) ►

Top Password Statistics (2025)

• 70% of passwords can be cracked in less than 1 second.
• 3 in every 4 people globally don’t follow password best practices.
• 30% of Internet users have experienced a data breach due a weak password.
• Poor practices cause 81% of company data breaches.
• Data breaches cost over $4.88 million per incident.
• 85% of data breaches involved phishing, stolen credentials or human error.
• The most commonly used password is “123456”
• 60% of Americans use the same password for more than one account.
• 13% of Americans use the same password for every account.

How Many Passwords Does the Average Person Have?

According to NordPass, the average Internet user has a total of 255 different passwords. From these, 168 are used for personal accounts and 87 for business-related accounts.

30% of users have been victims of a data breach due a weak password

As stated above, the average person has over 250 different passwords to deal with on a daily basis. However, having many passwords doesn’t always translate into a safer security for your data. In fact, according to Goodfirms, 3 in every 10 users have experienced a data breach due to having a weak password.

75% of people globally don’t follow password best practices

A survey of over 8,000 Internet users made by Keeper Security shows how 28% of users are aware that picking strong passwords is the best way to achieve cybersecurity. 51% of them also stated that cybersecurity is easy to understand and follow.

Even though these claims were made, the same survey also shows that Internet users are normally overconfident about their online securing, with 75% of the respondents stating that they do not adhere to the widely accepted password best practices.

Secure vs. Easy-to-Recalls Passwords: Which Ones are Used the Most?

Americans are evenly split between memorable passwords versus strong ones. A recent survey made by PewResearch shows how, on average, 46% of Americans prefer easy to remember passwords even if they are less secure. On the other hand, 50% of US citizens prefer using more secure passwords, even if they are harder to remember.

25% Of People Worldwide Reuse Passwords Across Multiple Accounts

Bitwarden’s 2024 World Password Day survey shares some interesting facts about global password usage. Among them we find how individuals reveal risky password practices at home, such as reusing passwords over 11-20+ accounts. The same survey also shows how 36% of these admit to using personal information in their credentials on social media (60%) and online forums (30%).

60% of Americans Reuse Passwords in Multiple Accounts

If we look at America in detail, we find out that 60% of Americans use the same password in multiple accounts. According to a Google/Harris survey, only:

• 37% of Americans use two-factor authentication.
• 36% keep track of passwords on paper.
• 34% regularly change passwords.
• 15% use a password manager.

The same study also shows that 1 in 8 US adults use the same password for every single account they own, while 52% of the surveyed reused it for only some of them. 

Here’s a breakdown of the results:

• Has the same password for all accounts: 13%
• Has the same password for some accounts: 52%
• Has unique passwords for every account: 35%

Most Common Accounts to Have Your Password Hacked

A recent survey made by Forbes Advisor shows how social media accounts are most likely to be hacked with a stolen or compromised password. Following closely we find email accounts, Wi-Fi, shopping accounts and bank accounts.

Here’s a detailed breakdown of the results:

• Social media accounts: 29%
• Email accounts: 15%
• Home Wi-Fi: 9%
• Shopping accounts: 8%
• Financial institutions: 8%
• Streaming platforms: 7%
• Hotspot Wi-Fi: 7%
• Gaming platforms: 7%
• Healthcare accounts: 6%
• Biometric health data: 4%

Top Reasons Passwords Are Compromised in 2025

Stolen passwords normally lead to personal and financial data loss, with 75% of victims reporting to have information stolen from hacked accounts. But… What are the main reasons passwords are compromised in 2025? According to Forbes Advisor, 35% of the surveyed believe that having a weak password might have led to their account being stolen. 

Here’s a detailed breakdown of the results:

• Weak password: 35%
• Repeatedly used password: 30%
• Company data breach: 27%
• Phishing: 21%
• Malware: 21%

What Are the 10 Most Common Passwords in 2025?

Sources like Cybernews, NordPass or CNBN agree that 123456 and 123456789 are the most common passwords in 2025. These are definitely the most vulnerable ones and can be easily cracked in less than one second. Closing the top 5 we have 12345678, password and qwerty123. 

Here’s the top 10 most common passwords in 2025 and how much time does it take to crack them:

1. 123456- less than 1 second.
2. 123456789- less than 1 second.
3. 12345678- less than 1 second.
4. password- less than 1 second.
5. qwerty123- less than 1 second.
6. qwerty1- less than 1 second.
7. 1111111- less than 1 second.
8. 12345- less than 1 second.
9. secret- less than 1 second.
10. 123123- less than 1 second.

59% of Americans Use Birthdays or Names in Their Passwords

Strong passwords require a combination of letters, characters and numbers to prevent possible hacking attacks. Despite this, the average US adult doesn’t follow the standard good practices to protect their accounts. According to Google, 59% of Americans use names and birthdays for their passwords, being thus exposed to possible online breaches.

Here’s the complete data from the survey:

1. Use their own name: 22%
2. Use a pet’s name: 33%
3. Use their children’s name: 14%
4. Use their partner’s name: 15%

How Many Passwords Are Stolen Each Year?

Data breaches are currently the biggest concern for companies worldwide, being the most common cause of sensitive information loss. In 2022, over 24 billion passwords were exposed by hackers, with 6.7 of them being unique pairing of usernames and passwords. In the first quarter of 2023, 6 million data records were exposed online but the numbers have grown exponentially, with 422 million records exposed by data breaches in Q3 2024. This increasing trend is supported by a recent report stating how one million passwords are stolen on a weekly basis.

Conclusion

Passwords play a pivotal role in our digital lives, ensuring the safety of our personal and financial data. As shown by data, while most users are aware of the importance of having strong and individual passwords for every account, very few of them actually manage them properly. 

With the rise of AI, cybercriminals have found new ways to steal our passwords, making phishing more believable and exponentially increasing the number of data breaches per year.

To keep our online credentials safe,  it is recommended to follow best practices, change our passwords frequently as well as enable two-step verification (when available). It is also advised to use services and tools such as password managers, which will create unique and strong passwords for each of your online accounts.