We're giving you a list of the top 10 trends for commonly exposed passwords. Why? Because the average person has as many as 227 passwords to remember. Unsurprisingly, this often leads to creating easy, memorable passwords that follow a popular theme.
But be careful: The more popular and easy-to-guess your passwords are, the more susceptible you are to cybercriminals.
Check out the list below to see if any of your passwords fit into these popular categories.
10 top trends for commonly exposed passwords
In an analysis of 3.3 billion distinct identity records, Spycloud identified 10 trends for commonly exposed passwords:
- Autumn / fall / leaves
- US Open / tennis / grand slam
- Cat / kitten / kitty
- Olympics / Paris Olympics / torch
- Zelda / Nintendo / Ganondorf
- Taylor Swift / Swiftie / Eras / Tortured Poets
- Super Mario / Mario / Donkey Kong
- Fortnite / Battle Royale / bus / storm / yeet
- Deadpool / Chimichanga / Wolverine / Marvel
- Charlie XCX, Brat, brat summer
Pop culture references clearly dominate this list, spanning from sports to music to video games and beyond. However, none could reach the popularity of autumn-themed passwords, with cat-themed options claiming third place.
Top 4 most common passwords
Those are the most popular categories for commonly exposed passwords, but what about the most common passwords overall? Well, the most used passwords of 2024 should come as a shock to no one:
- 123456
- 111111
- Admin
- Qwerty
Number sequences continue to be popular choices, with "Admin" often being favored for certain work accounts and "Qwerty" being a go-to option both personally and professionally.
Key password security takeaways
Here are some lessons we can learn from these top 10 password trends and top 4 most common passwords:
- Seasonal and pop culture references are not secure options. You should always use randomized letters, numbers, and symbols instead.
- Even if your password doesn’t use 1 through 9 in order, choosing numbers in a sequence makes your password incredibly easy for hackers to guess.
- Alphabetical sequences and dictionary words are just as bad. “Admin” and “qwerty,” for example, are very overused and easy to guess.
Don’t be surprised if your password made either list above. But just because your password isn’t part of the top 10 trends doesn’t mean you’re in the clear either.
Hackers will be able to guess your password much more easily if:
- Your password is too short and simple. This could look like a single word followed by a number or an exclamation point or a single numerical phrase like a birthdate.
- Your password is reused across multiple accounts. This practice should be avoided because once a hacker accesses one of your accounts, they’ll be able to access all of the accounts that share that password and guess any similar ones.
- Your password contains personal information. Using birth dates, personal information, or a street address isn’t suitable for a strong password.
My password falls into one of the trends. What now?
Weak and reused passwords are one of the most common reasons why data breaches occur. Luckily, there are some easy ways you can improve the security of your passwords.
The first thing you should do after discovering your password has made this list is to change your password to something long, unique, and complex. Here are some tips for how to create a strong password that won’t show up on a “common password trends list” ever again:
- Use a password generator to create long, complex, and random passwords
- Never use the same password for more than one account
- Store each password in a password manager
What might happen if I use one of these passwords?
If you have easy-to-guess passwords, you might not think you’re a target, but you’re at a higher risk of a data breach. When your password is stolen on one account, hackers can easily access other accounts, including banking and financial information, which can lead to credit card fraud and identity theft.
These crimes aren’t only dangerous to your finances and personal information—they’re also a pain to resolve. The Federal Trade Commission estimates that recovering from identity theft can take six months or 200 hours of work.
It’s time to strengthen your password game
If you know your passwords are weak, and you’re ready to level up your cybersecurity, you don’t have to do it alone—Dashlane’s Password Generator provides an easy way to apply all the rules, tips, and best practices surrounding password generation.
To further protect these strong passwords without ever having to remember them, always store them in a password manager, such as Dashlane. It has several layers of security built in, so you can store all your passwords, payments, and more in one secure location—without worrying about hackers gaining access.
If you find yourself using or witnessing the use of weak and reused passwords at work, your organization should consider getting a business password manager.
“I’ve been using the internet since I was 13 and I’ve been in numerous data leaks. When I started using Dashlane, I could easily see that I had 600 reused passwords. But more importantly to me, I could quickly see which critical passwords had been leaked. For instance, I need to know right away if someone has my bank password.”
—Ben Silver, Manager of IT Support, BentoBox
References
- Spycloud, “2025 Identity Exposure Report,” 2025
- Verizon, “2025 Data Breach Investigations Report,” 2025
Sign up to receive news and updates about Dashlane
