Despite rising digital awareness, “123456” remains India’s most-used password for the second consecutive year, exposing critical vulnerabilities in personal and enterprise cybersecurity.
NordPass, in collaboration with NordStellar, has released the seventh edition of its annual Top 200 Most Common Passwords research, and the findings for India are both alarming and revealing. The most used password in the country remains “123456,” followed closely by “Pass@123” and “admin,” proving that despite increasing cyber awareness, basic password hygiene is still largely ignored.
The Indian list shows a pattern of pretend complexity — users are adding symbols like @ or capitalizing letters, but still using predictable words and sequential numbers. Examples include Admin@123, Password@123, Kumar@123, India@123, Global123@ — formats that provide a false sense of security while remaining extremely vulnerable to brute-force and dictionary attacks.
“People think adding @123 makes their password strong, but attackers cracked this illusion long ago,” says Karolis Arbaciauskas, Head of Product at NordPass.
Interestingly, the report notes no significant generational difference in password habits. Gen Z may be digital natives, but their top password choices are just as weak as those of the Silent Generation — dominated by numeric sequences like “1234567890,” while older users tend to include names like “Veronica,” “Maria,” or “Kumar.”
Globally too, simplicity rules. “123456,” “admin,” and “12345678” continue to dominate across 44 countries, despite years of cybersecurity education. Although the use of special characters has increased significantly (from 6 passwords last year to 32 this year), most still follow predictable patterns: P@ssw0rd, Admin@123, Abcd@1234.
NordPass emphasizes that 80% of data breaches are linked to weak, reused, or compromised passwords, urging the adoption of multi-factor authentication, password managers, and eventually, passwordless authentication using passkeys.
Top 5 Password Safety Tips:
- Use 20-character random combinations instead of patterns.
- Never reuse passwords across accounts.
- Review and update old or compromised passwords.
- Use a password manager for safe storage.
- Activate multi-factor authentication (MFA).
As India advances towards a highly digital society, cybersecurity can no longer be left to “Password@123.” The illusion of complexity is no security at all.
