For yet another year, “123456” has topped global lists of the most commonly used passwords, according to newly compiled cybersecurity data. Despite growing awareness of online threats, millions of users continue relying on simple, guessable combinations, highlighting a persistent gap between digital risk and daily behaviour.

Why People Still Choose the Easiest Option

Cybersecurity analysts say the popularity of “123456” exposes a basic truth: most people prioritise convenience over security. Experts note that users often create accounts in a hurry, choose short passwords they can remember instantly, and underestimate the sophistication of modern cyberattacks.

A Habit Strengthened by Digital Fatigue

The digital age has burdened people with dozens of logins—from streaming platforms to banking apps. Psychologists suggest that “password fatigue” pushes users toward shortcuts. Easy patterns like “123456”, “password”, or birthdays are mental coping mechanisms to avoid memorising complex strings.

Data Breaches Show the Real-World Consequences

Security firms warn that weak passwords significantly increase the likelihood of account takeovers. Many recent breaches show hackers scanning the internet using automated tools that test common passwords first. Once breached, accounts can become entry points for identity theft, scams, and ransomware attacks.

Technology Alone Hasn’t Solved the Problem

Even as companies promote two-factor authentication and biometric login options, adoption remains uneven. In many countries, users avoid enabling extra security steps due to perceived inconvenience, reinforcing the continued reliance on basic passwords that cybercriminals can crack in seconds.

The Human Factor: Overconfidence and Risk Blindness

Behavioural researchers link weak password habits to optimism bias—the belief that “it won’t happen to me.” Many users assume their small online accounts hold little value, unaware that even minor personal information can be exploited or sold on dark web marketplaces.

What Experts Recommend Going Forward

Cybersecurity specialists urge people to adopt passphrases, password managers, and multi-factor authentication. They also encourage governments and companies to implement stronger default protections, such as forcing minimum password lengths and automated strength checks during account creation.

A Mirror to Human Behaviour

Ultimately, the persistence of “123456” isn’t just a cybersecurity failure—it’s a reflection of human behaviour under digital overload. As online services multiply, the tension between convenience and security continues to define how people navigate their digital lives.