After studying 19 billion passwords, one big problem: Over 90% are terrible

TL;DR: A new study analyzing more than 19 billion passwords from relatively recent data breaches between April 2024 and 2025 has found that the vast majority are weak. Alarmingly, only six percent of the leaked passwords were unique, leading researchers to describe a widespread epidemic of weak password reuse. Researchers with Cybernews found that most people (42 percent) use passwords that are eight to 10 characters in length, and that close to a third of those analyzed (27 percent) consist of only numbers and lowercase letters. Most online systems require passwords be at least eight characters in length – if not for this requirement, many would no doubt opt for even shorter passwords. Other popular trends include the use of common names, curse words, cities, countries foods, and animals in passwords. Despite decades of education on the topic, password security is clearly still a major issue that largely boils down to laziness. Creating a unique and strong password isn't difficult ... Read full article.