A new report from NordPass has once again exposed a worrying truth about our digital habits: Canadians especially younger ones are still using painfully weak passwords. And honestly, it’s not just surprising; it’s embarrassing.
Let’s start with the basics. According to the report, the most common password in Canada is “admin.” Not far behind are classics like “123456,” “password,” and for reasons known only to the digital gods “gallant123.” Even “1hateyou” cracks the top five. If this list doesn’t make cybersecurity professionals want to pull their hair out, nothing will.
Globally, things aren’t much better. “123456” remains the reigning champion of terrible passwords, proving we haven’t evolved much from the early days of dial-up.
But here’s where it gets interesting: younger Canadians Gen Z and millennials are more likely to use simple number combinations like “12345.” These are people who grew up surrounded by tech, who navigate apps and digital platforms instinctively, yet somehow skip one of the most basic rules of internet safety. It’s a strange paradox: high digital fluency, low digital hygiene.
Meanwhile, older generations are more likely to use names in their passwords “Veronica,” “Maria,” and “Susana” being common choices. Sure, they might be predictable, but at least they’re not “123456.” In a plot twist no one expected, baby boomers may actually be doing slightly better than Gen Z here.
We’re also seeing predictable patterns with special characters. The “@” symbol is the star of the show, usually tossed into simple, guessable passwords like “P@ssw0rd” or “Admin@123.” Adding a symbol doesn’t magically transform a weak password into a strong one but many people still behave as if it does.
The real issue the report highlights is this: weak, reused passwords remain one of the biggest causes of data breaches. And despite all the warnings, most people continue prioritizing convenience over security.
Yes, newer tools like passkeys, biometrics, and multi-factor authentication are gaining ground. Yes, organizations like the Canadian Centre for Cyber Security recommend using long passphrases, complex combinations, and unique passwords for every account. But none of this matters if users ignore the basics.
Let’s be honest password fatigue is real. Between banking apps, email accounts, streaming services, and social media, remembering dozens of complex passwords feels impossible. But that’s exactly why password managers exist. The report itself emphasizes that a reputable password manager isn’t just helpful; for the average person, it’s practically essential.
At the end of the day, the message is simple: if your password is on the list of 2025’s most common passwords, your digital front door is wide open. And cybercriminals don’t need an invitation.
We need a cultural shift around online security one where convenience doesn’t trump common sense, and where every generation takes personal cybersecurity seriously. Because the internet isn’t getting any safer, and our passwords shouldn’t still look like they were set in 1998.
