Zoomers are officially worse at passwords than 80-year-olds
- Reference: 1763470207
- News link: https://www.theregister.co.uk/2025/11/18/zoomer_passwords/
According to NordPass, there is no real difference between the security of those used by the younger generation and their supposedly tech-illiterate ancestors.
In fact, the security company's analysis of passwords this year shows the most common choice among those born in 1997 and younger was weaker than almost every other generation… by one digit.
"12345" was the top choice among Zoomers this year, whereas the far superior "123456" was preferred by Millennials, Gen X, and Boomers. So much for the "digital native" title often handed to the youngest generation.
And while there were a few more "skibidis" among the Zoomer dataset compared to those who came before them, the trends were largely similar.
Variants on "[4]123456" were among the most common for all age groups, with that exact string proving to be the most common among all users – the sixth time in seven years it has held the undesirable crown.
Some of the more adventurous would stretch to "1234567," while budding cryptologists shored up their accounts by adding an 8 or even a 9 to the mix.
However, according to [6]Security.org's password security checker, a computer could crack any of these instantly.
Most attackers would not even need to expend the resources required to reveal the password, given how commonly used they are. They could just spray a list of known passwords at an authentication API and secure a quick win.
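How a defender can spot the spraying pattern described above in authentication logs, as an added example that is not from the article or NordPass. The event format, the thresholds and the sample records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, username, outcome).
# 203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges.
EVENTS = [
    ("2025-11-18T09:00:01", "203.0.113.7", "alice", "fail"),
    ("2025-11-18T09:00:03", "203.0.113.7", "bob", "fail"),
    ("2025-11-18T09:00:05", "203.0.113.7", "carol", "fail"),
    ("2025-11-18T09:00:07", "203.0.113.7", "dave", "fail"),
    ("2025-11-18T09:00:09", "203.0.113.7", "erin", "success"),
    ("2025-11-18T09:01:00", "198.51.100.4", "frank", "fail"),
    ("2025-11-18T09:01:20", "198.51.100.4", "frank", "fail"),
    ("2025-11-18T09:01:40", "198.51.100.4", "frank", "success"),
]

def find_spray_sources(events, window=timedelta(minutes=10), min_users=4, max_per_user=3):
    """Flag sources that fail against >= min_users distinct accounts inside
    `window` while trying each account at most max_per_user times."""
    by_src = defaultdict(list)
    for ts, src, user, outcome in events:
        by_src[src].append((datetime.fromisoformat(ts), user, outcome))
    flagged = {}
    for src, rows in by_src.items():
        rows.sort()
        fails = [(t, u) for t, u, o in rows if o == "fail"]
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans <= `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            counts = defaultdict(int)
            for _, u in fails[start:end + 1]:
                counts[u] += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                first = fails[start][0]
                # Successful logins from the same source need review and a reset.
                hits = sorted({u for t, u, o in rows if o == "success" and t >= first})
                flagged[src] = {"users": sorted(counts), "review": hits}
                break
    return flagged
```

The second source is a single user mistyping a password, which is why the rule keys on the number of distinct accounts rather than on raw failure counts.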
NordPass said: "Despite significant efforts over the years to educate users about cybersecurity through awareness campaigns, our data shows little improvement in widespread password hygiene and security habits.
"With the number of breach cases growing each year, the problem remains as prevalent and dangerous as ever, suggesting that current approaches fail to drive meaningful change."
[8]Louvre's pathetic passwords belong in a museum, just not that one
[9]You'll never guess what the most common passwords are. Oh, wait, yes you will
[10]Locked out of your Gmail account? Google says phone a friend
[11]Why UK businesses are paying ICO millions for password mistakes you're probably making right now
One glimmer of hope from the global data, taken from recent breaches and dark web repositories, was that the use of special characters is on the rise.
On the list of [12]the 200 most common passwords of the year, 32 had some sort of special character – usually an @ – up from just six the year before.
NordPass said the @ character was often used in place of the letter A. Think "P@ssw0rd" and the like.
There were also no muscles being pulled when it comes to setting passwords in professional environments because "admin" and variations on that theme were also among the most common passwords in use presently. According to NordPass, it was the second most used password globally, and the top choice in countries such as Australia, Canada, Germany, Ukraine, the United Arab Emirates, the UK, and the US.
Surely, this many organizations are not choosing "admin" in the current cybersecurity environment, right?
We asked NordPass whether this was a sign of seriously poor password choices or if it was a case of default credentials not being changed (which isn't necessarily better).
A spokesperson said it was difficult to say conclusively what's going on, but other common default passwords, such as "welcome" and the classic "password," also featured heavily in the top-200 list.
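A signup-time screen that rejects the passwords named above, including the "@"-for-"a" variants and unchanged defaults, as an added example that is not from the article or NordPass. The blocklist is a constructed stand-in seeded with strings from the article, and the substitution table is an assumption.

```python
import re

# Constructed blocklist seeded with strings the article names; a real
# deployment would load a full breached-password list instead.
COMMON = {"12345", "123456", "password", "admin", "welcome", "skibidi"}

# Assumed substitution table, e.g. "@" standing in for "a".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "i", "!": "i", "$": "s", "5": "s"})

def is_digit_run(pw):
    """True for ascending digit runs such as 12345 up to 123456789."""
    return pw.isdigit() and len(pw) >= 4 and pw in "1234567890"

def screen_password(pw):
    """Return a rejection reason, or None if the password passes this screen."""
    lowered = pw.lower()
    if is_digit_run(lowered):
        return "sequential digits"
    if lowered in COMMON:
        return "common password"
    # Drop a trailing run of digits/symbols ("admin123", "welcome1!") and
    # undo substitutions; test both forms so "skibid1" is still caught.
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    candidates = {lowered.translate(LEET), stripped.translate(LEET)}
    if candidates & COMMON:
        return "variant of common password"
    return None
```

"P@ssw0rd" and "Admin123" both fail this screen because they reduce to a blocklisted word, while a long passphrase passes.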
As any good purveyor of password managers would do, NordPass recommended users get one, and use it to generate and store complex, unique strings for each login, as well as using [13]multi-factor authentication for extra peace of mind. ®
[4] https://www.theregister.com/2017/01/16/123456_is_still_the_worlds_most_popular_password/
[6] http://security.org
[8] https://www.theregister.com/2025/11/09/infosec_news_in_brief/
[9] https://www.theregister.com/2025/11/06/most_common_passwords/
[10] https://www.theregister.com/2025/10/16/google_gmail_trusted_contacts/
[11] https://www.theregister.com/2025/11/06/why_uk_businesses_paying/
[12] https://nordpass.com/most-common-passwords-list/
[13] https://forums.theregister.com/forum/all/2025/03/26/ncsc_influencers_2fa/
Re: "They can probably set up a printer faster"..?
Anyone still at school will know what a printer is, as they're still ubiquitus in education. Where I work we go through a pallet of A4 about every 3 weeks...
Re: "They can probably set up a printer faster"..?
Ah, there you are again, Ubiquitus!
Re: "They can probably set up a printer faster"..?
Every week SWMBO sends out a PDF handout for her patchwork class. The class members need to print it out, or at least the last sheet. Why? Because the templates are on the last sheet (sometimes on the last several sheets) and they need to cut those out. Not everything can be just read.
Re: "They can probably set up a printer faster"..?
I dunno, if the tablet you read the PDF on is thin enough you could push a needle through it a few times before everything went down the pan......
Re: "They can probably set up a printer faster"..?
As I'm over 30, I know entirely how to deal with setting a printer up.
"Hey, you do IT. Can you help me set up this new printer I got?"
"No"
weird....
In Italy the 11th most common password (used 12798 times) is "Tettine4" (literally, "little b00bs 4")
That's cute, but not really plausible IMHO.
No "correcthorsebatterystaple" in the top 200 yet, eh?
I suppose it would be too ironic to be able to exist in this reality. Pity, that.
"One glimmer of hope from the global data, taken from recent breaches and dark web repositories, was that the use of special characters is on the rise."
Bollocks. Special characters add no extra security - the NIST password guidelines have detailed this for years.
Length is all that matters, hence the recommendation for passphrases instead of passwords.
It's so easy and powerful to only use a Welsh cyfrinair (password), I've used them for years and never had any issues.
Tell me, do you have a problem with your bowels ..... I mean vowels?
I have ever since moving to Wales!
---------> Mine's the sheepskin!
Typing Llanfair P G out in full is absolutely ofnadwy though
Ll@nfairpwllgwyngyllg0gerychwyrndrobwlll1antysiliog0gog0ch
Are the youngsters all using passkeys and mfa and the old folk keeping a little notebook or using the same one for everything?
There are too many accounts requiring a password and many of the less sensitive that I don't use very much I just create a keyboard mash password each time I use it and rely on the forgotten password process. It's sort of a half baked 2 factor.
Maybe I fall into the latter category being an old fart but can someone please explain to me the following:
I have a username and password with MFA. The password is a string of characters.
That is migrated to a username and passkey with MFA. The passkey is a string of characters.
I have a hardware Yubikey that can do various levels of authentication. One makes it usernameless and passwordless. I select the option to use it on login and guess what?
I have to enter the "Passkey" that looks incredibly like a password to me.
On the surface this looks to be very much rebranding a password to make it sound more secure. A string of characters is just that, you can call it what you want. I would rather the lunacy of logging in to a service that has MFA cheerfully sends the MFA to the very device I am logging in from.
Data Source?
Where is NordPass getting these passwords from? I thought that companies / websites stored passwords encrypted and just compared hashes when validating a logon. Or are my specs too rose tinted?
For an industry that chokes on "standards"
The lack of any standard over authentication to systems is baffling.
We know there is no standard because everybody+dog seems to have rolled their own idea.
Don't believe me? How many times have you had to adjust your password generator because of people's different ideas of password complexity.
And don't get me started on secure storage - I am still getting passwords emailed to me in the clear.
Re: For an industry that chokes on "standards"
"I am still getting passwords emailed to me in the clear"
Slightly better SMS/Text in clear.
Getting otherwise cluey people to generate a ssh key pair and send the public key is usually a bridge too far.
The classic fail for me was receiving the QR code for the TOTP seed in clear in the sender's foolishlessly mistaken belief it was encrypted.
My password is far more secure than 1234567. It goes to 11.
Ah! The Snipal Tap password system!
Sorry, Nigel, repeating characters. That's the password equivalent of drowning on somebody else's vomit.
"12345"…top choice among Zoomers…the far superior "123456" was preferred by Boomers
The far superior —who doesn't come here for the snark ?
I had to look up skibidis – not that I am much wiser—I'll probably stick with my first impression and stay with spinsterish old ducks on skis (ski + bidis/biddies.)
Curiously I understand that pre WW2 some strata of English society pronounced "ski" as "she" in the possibly mistaken belief that that was how it was pronounced in whatever Nordic language from which it was half inched. They were a pretty ignorant and clueless lot on the whole; probably still are.
So she-biddies works out rather serendipitously.
The problem with using long words like "serendipitously" for passwords is I forget how to spell them correctly, or otherwise, the same way. ;)
Websites & Special Characters
One of the worst things is when a website tells you your password must contain a special character.
You put one in and it then goes, we know we asked you for a special character, but you can't pick your own, you need to pick one of these ones.
"They can probably set up a printer faster"..?
Does anyone under 30 know what a printer is, let alone how to set one up? Surely the days of hard copy are behind us - if it's not on your phone screen, it's not going to be read.