Facepalm: It's almost 2026 and the world's population has never been so tech-savvy. When it comes to passwords, however, a lot of people are stuck in the 1990s. Another study examining the most common passwords has found that many believe numbers in ascending sequential order are the most secure credentials, with 123456 still the most popular choice.

The latest shame-inducing most-common-passwords report comes from tech research and review site Comparitech. Using information leaked on data breach forums in 2025, its researchers aggregated more than 2 billion real account passwords, creating a list of the 100 most-used.

All the usual suspects appear in the top twenty: 123456, 12345678, and 123456789 take the top three places, with 'admin' in fourth. The old classic 'password' is in eighth spot, while in ninth place is the comically bad '123' – though '1111' in twentieth is also pretty impressive.

Some other notable entries include '********' in 35th place, while 'gin' was the 29th most commonly used password.

The top password, 123456, appeared a stunning 7.6 million times among the two billion entries. Elsewhere, 'minecraft,' which was the 100th most popular, appeared almost 70,000 times, while the capitalized version 'Minecraft' appeared 20,000 times.

Another password that appeared often but isn't considered generic was 'India@123,' which was in 53rd place.

Comparitech compiled a few facts about the list, which it called a "showcase of human laziness." One-quarter of the top 1,000 passwords consisted solely of numbers; 38.6% contained the string of numbers 123; another 2% contained the descending numbers 321; 3.1% contained the string of letters abc; and many common passwords are made up of a single character.

While it's often recommended to use a password of at least 12 characters for improved security, 65.8% of the passwords on the list fell short of this number. Moreover, 6.9% used fewer than 8 characters, while 3.2% used 16 or more characters.

Many people today use browser-based password managers or dedicated password manager software/apps. While neither is 100% safe, they're still better than using 123456 and recycling login credentials across multiple apps and websites. Using two-factor authentication to help prevent account compromises is recommended, too.

It's not just everyday folks using bad passwords. It was reported this week that the Louvre museum's video surveillance system used the password 'LOUVRE.'