Change Your Password Now If It’s On This List

If you use one of these 20 passwords, change it now. Update, May 25, 2025: This story, originally published May 23, has been updated with even more unsafe passwords to add to your do-not-use list following new research.

But what if you were wrong? What if your password is so weak it could be cracked in less time than it takes me to type the next word? Yes, it is that quick, folks. What if automatic password hacking machines laugh in the face of your security efforts? If your password is on this newly published list, change it now or suffer the inevitable hacking consequences.

The Password List You Don’t Want To Be On

You really don’t want to be on any password list, and most of them are compiled by cybercriminals using infostealer malware logs. But even with the global disruption of crime-industry leaders such as the Lumma Stealer network, your biggest enemy often isn’t the shady hacker after your credentials, it’s you yourself.

Let me explain through the optics of a May 22 Huntress Security report that revealed the 20 most commonly used and therefore weakest passwords you could deploy. Look, I get it, ease of use is key, if you’ll pardon the pun, and that’s why people stick to familiar passwords that they have used for years. Passwords that they share across accounts. Passwords that are easy to type as well as recall.

And that, right there, is your biggest mistake. If you do it, other people will do as well, and that’s why if your password is on this list you must change it now. No ifs or buts, no procrastinating, no I’ll do it later. Change Your Password Now. Here are the 20 most commonly used passwords to avoid:

  • 123456
  • qwerty
  • password
  • letmein
  • dragon
  • monkey
  • admin
  • 12345678
  • p@ssw0rd
  • 12345
  • abc123
  • iloveyou
  • changeit
  • dragonfly
  • monkeybusiness
  • qwertyuiop
  • 1qaz2wsx
  • asdfghjkl
  • n0tsec
  • ilovepizza

Even More Passwords You Must Never Use

The list of dangerously unsafe passwords appears to be growing longer by the day. An analysis of passwords commonly used across businesses, based on compromised credentials available in criminal marketplaces, has identified the most insecure passwords by industry and country.

Here are the top three from each of the industry sectors:

Finance

  • 12345
  • abcdefg
  • 12345678
  • qwertyuiop
  • 1qaz2wsx

Healthcare

  • iloveyou
  • password123
  • qwerty
  • letmein
  • p@ssw0rd

Technology

  • dragonfly
  • monkeybusiness
  • qwertyuiop
  • 1qaz2wsx
  • n0tsec

Why You Should Change Your PIN Code Now

If your PIN code is on the list of most commonly used passwords, you should change it. There’s another bunch of PIN codes that you should avoid as well, and these are the ones that can be cracked within the blink of an eye by new AI attack tools.

Any consecutive numbers, those that are created using pairs and patterns, and anything that is or resembles a date can be guessed easily. For example:

  • 5555
  • 123456
  • abcdefg
  • qwertyuiop
  • 1qaz2wsx

If your PIN code is on this list, you should change it immediately. Better still, switch to using passkeys instead, as they are way more secure and even easier to use.

Using a Password Manager: A Win-Win Situation

A password manager can help you create strong, random, and unique choices for your passwords, including passkeys. It also helps manage and use passkeys – it’s a win-win situation.

Switch to using a password manager today and take control of your online security!