Study reveals SA’s top 20 most common passwords

Researchers have observed a significant increase in the use of special characters in passwords.

---

This year, “admin” is the most common password in South Africa, replacing last year's top choice of “123456”. Additionally, “admin” made the biggest leap, climbing from 20th place in South Africa last year.

This is according to NordPass, together with NordStellar, which has released the seventh edition of its annual Top 200 Most Common Passwords research.

In addition to identifying the most popular passwords globally and in 44 countries, this year, the research focused on understanding how the passwords used by different generations vary.

For the research, recent public data breaches and dark web repositories were analysed for passwords exposed from September 2024 to September 2025, with statistically aggregated data extracted. NordPass says no personal data was acquired or purchased for this research.

The top 20 most common passwords in SA are:

See also

Why passwords continue to fail

User apathy reduces power of password protection

1. admin
2. 123456
3. password
4. Kenzo007
5. 2345678
6. 12345
7. Password1
8. P@ssw0rd
9. sindy1
10. Jassie21
11. Scorpion1234
12. macebo123
13. Password
14. saskia
15. 123456789
16. jagadira
17. Dzunisani1
18. Fifteen15!
19. Password@1
20. Knowledge1

NordPass notes that although cyber security experts keep repeating that simple passwords are extremely easy to guess using a dictionary and brute-force attacks, South Africans seem to ignore the warnings.

It points out that words, number combinations and common keyboard patterns dominate South Africa’s top 20 list.

However, different variations of the word “password” take up as many as five spots in South Africa’s top 20 most common passwords list. Different numeric combinations take up four spots, it adds.

Globally, “123456” is the most common password, followed by “admin” in second place, and “12345678” in third − another simple numeric sequence, the research reveals.

NordPass says such weak patterns, ranging from “12345” to “1234567890,” along with common weak passwords like “qwerty123” dominate top 20 lists across many countries.

Compared to last year, researchers observed a significant increase in the use of special characters in passwords.

This year, 32 passwords on the global list include them, a notable rise from just six last year. The most common special character in passwords is “@” and most of the passwords are no more complicated than “P@ssw0rd”, “Admin@123” or “Abcd@1234”, the company explains.

The word “password” remains one of the most popular passwords worldwide, it adds. It’s used in English form and in local languages in nearly every country studied − from Slovak “heslo” and Finnish “salasana”, to French “motdepasse” and Spanish “contraseña.”

“Generally speaking, despite all efforts in cyber security education and digital awareness over the years, data reveals only minor improvements in password hygiene,” says Karolis Arbaciauskas, head of product at NordPass.

“The world is slowly moving towards passkeys − a new passwordless authentication method based on biometric data − but in the interim, until passkeys become ubiquitous, strong passwords are very important. Especially since around 80% of data breaches are caused by compromised, weak and reused passwords, and criminals will intensify their attacks as much as they can until they reach an obstacle they can’t overcome.”

Research shows that for digital natives − those who grew up immersed in the online world − extensive exposure to technology doesn't automatically translate into a strong understanding of fundamental password security practices, or the severe risks associated with poor choices.

“The password habits of 18-year-olds are similar to those of 80-year-olds. Number combinations − such as ‘12345’ and ‘123456’ − are in the top spots across all age groups. The biggest difference is that older generations are more likely to use names in their passwords,” says Arbaciauskas.

Research reveals that Generations Z and Y rarely use names in their passwords, preferring combinations like “1234567890” and “skibidi” instead. The use of names in passwords becomes more prevalent starting with Generation X, peaking among Baby Boomers, NordPass says.

Among Generation X, the most popular name used as a password is “Veronica”. For Baby Boomers, it's “Maria” and for the Silent Generation, it's “Susana”, it reveals.

According to Arbaciauskas, a few basic rules can greatly improve digital hygiene and help avoid falling victim to cyber attacks due to irresponsible password management:

Create strong random passwords or passphrases: Passwords should be at least 20 characters long and consist of a random combination of numbers, letters and special characters.

Never reuse passwords: The rule of thumb is that each account should have a unique password because if one account gets broken into, hackers can use the same credentials for other accounts.

Review your passwords: Make sure to regularly check the health of passwords. Identify any weak, old, or reused ones and upgrade them to new, complex passwords for a safer online experience.

Use a password manager: It can help you generate, store, review and safely manage all your passwords, ensuring they’re well protected, difficult to crack and easily available when you need them.

Turn on multi-factor authentication: It adds an extra layer of security and helps keep hackers out even if a password gets breached.