Gen Z’s password habits are officially the weakest of any generation, according to the shocking 2025 NordPass report. In an era where cybersecurity threats lurk around every digital corner, you’d think the generation that grew up with smartphones glued to their hands—Gen Z—would be the gold standard for online security.
After all, these digital natives have been bombarded with warnings about phishing, ransomware, and data breaches since they could spell “password.” But a shocking new report from NordPass flips that script on its head: Gen Z’s password habits are not just mediocre; they’re statistically worse than those of their grandparents. Yes, you read that right—80-year-olds are out-securing the TikTok crowd when it comes to something as basic as picking a password.
If this sounds like a plot twist from a dystopian tech thriller, it’s not. It’s cold, hard data from real-world breaches and dark web leaks. At Black Belt Secure, we believe knowledge is your first line of defense, so let’s dive into the report, unpack the stats, and arm you with actionable steps to avoid becoming the next headline.
The Shocking Stats: Gen Z’s Password Fail
NordPass, a leading password manager provider, sifted through millions of compromised credentials from recent data breaches and shadowy dark web marketplaces. Their analysis? A collective facepalm for humanity’s password practices, with Gen Z (born 1997 or later) leading the pack in sheer laziness.
The King of Cringe: “12345” Reigns Supreme for Zoomers. While Millennials, Gen X, and Boomers at least stretch to the marginally “better” “123456,” Gen Z settles for the five-digit dud “12345” as their most common password. That’s right—cutting a single character makes it weaker, not stronger. This numeric shortcut appears in breach data more frequently among under-28s than any other group.
Global Goofs: “Admin” is the Sneaky Second. Across all generations, “admin” and its variants (like “Admin123”) dominate as the second-most-used password worldwide. It’s especially rampant in countries like the US, UK, Australia, and Germany—likely a holdover from lazy IT setups rather than deliberate choices. But Gen Z isn’t bucking this trend; they’re amplifying it.
Slight Silver Lining: Special Characters Creep In. There’s a tiny uptick in sophistication—32 of the top 200 passwords now include a special character (usually an “@” swapping for “a”), up from just six last year. Progress? Barely. It’s like putting a band-aid on a bullet wound.
NordPass doesn’t mince words: “Despite significant efforts over the years to educate users about cybersecurity through awareness campaigns, our data shows little improvement in widespread password hygiene and security habits.” In other words, all those PSAs and school assemblies? They bounced right off.
Head-to-Head: Why Gen Z is Losing to Grandpa
You might expect the “iPad kids” to innovate with complex passphrases or biometric logins. Instead, the report reveals eerily uniform bad habits across generations—but with Gen Z edging into the “worse” column. Here’s a quick comparison table based on NordPass’s breach data:
| Generation | Most Common Password | Key Weakness | Security Score (Out of 10)* |
| Gen Z (1997+) | “12345” | Shortest length; zero complexity | 2.1 |
| Millennials (1981-1996) | “123456” | Numeric only; easily guessable | 2.5 |
| Gen X (1965-1980) | “123456” | Relies on defaults; low variation | 2.4 |
| Boomers (1946-1964) | “123456” | Similar to above; age no barrier | 2.3 |
| Silent Gen (Pre-1946) | “123456” | Basic sequences; but fewer breaches | 2.2 |
*Security Score: NordPass’s proprietary metric based on length, uniqueness, and entropy from breached datasets.
The verdict? No generation is winning, but Gen Z’s preference for even simpler strings and trendy meme passwords makes their accounts prime targets. Older folks might stick to “Password1” out of habit, but at least it’s longer than the typical Gen Z’s password.
The Bigger Picture: Why This Matters for Your Security Posture
Weak passwords aren’t just a Gen Z problem—they’re an everyone problem, but the report underscores a dangerous complacency that’s worst among the youngest users. Cybercriminals don’t discriminate by age; they exploit easy wins. In 2025 alone, we’ve seen a 25% spike in credential-stuffing attacks. If “12345” or “skibidi” is anywhere in Gen Z’s password repertoire, you’re a walking invitation. The implications ripple out:
- Personal Risk: A single breach can cascade into identity theft, drained bank accounts, or doxxing.
- Enterprise Headache: With Gen Z entering the workforce en masse, companies face higher insider threats from poor habits.
- Societal Wake-Up: If the “tech-savvy” generation can’t get basics right, what hope for broader adoption of secure practices?
NordPass’s conclusion is blunt: Password hygiene remains “as prevalent and dangerous as ever.” It’s a stark reminder that awareness alone isn’t enough—action is.
Level Up: Black Belt Tips to Secure Your Password Game
Don’t despair; fortify. Here’s how to transcend Gen Z’s password mistakes and achieve black belt status:
- Ditch the Digits: Never use sequential numbers or dictionary words. Aim for 16+ characters with a mix of letters, numbers, and symbols—like “Bl4ckB3lt$3cur3!2025”.
- One and Done? Never Again: Use a unique password for every account. No reuse—ever. Tools like NordPass or LastPass make this painless.
- Manager Up: Password managers aren’t just for pros. They generate, store, and autofill complex creds across devices. Bonus: Most include breach alerts.
- Layer with MFA: Multi-factor authentication (MFA) is your sidekick. Even if a hacker guesses “12345,” they need your phone or authenticator app to win.
- Audit and Repeat: Run a free password strength check (try Have I Been Pwned?) quarterly. Change anything flagged.
By implementing these, you’ll not only outpace Gen Z—you’ll set the standard for the next wave of digital natives.
Wrapping Up: Time to Reset the Password Paradigm
Gen Z’s password pitfalls prove that being born digital doesn’t make you secure by default. As NordPass’s data shows, we’re all in this leaky boat together, but the good news? It’s fixable. At Black Belt Secure, we’re committed to turning awareness into action—one strong password at a time.
What’s your weakest password habit? Drop it in the comments (anonymously, of course), and stay tuned for our next deep dive. In the meantime, go audit those logins—you’ve got this.
Click here to read more blog articles!