You’d think that the generation that grew up with smartphones would know better. Gen Z – people born after 1997 – have managed to outdo their grandparents in one particularly unfortunate way. They’re using worse passwords.
New research on passwords has revealed something genuinely surprising. While Baby Boomers settle for “123456” as their most common password choice, Gen Z has gone one step weaker with “12345”. That’s right. The digitally native generation removed one whole digit from an already terrible password.
Here are the most embarrassing passwords Gen Z can’t seem to quit.
“12345”
This number sequence takes the crown as Gen Z’s most popular password. It’s like locking your front door with a Post-it note that says “the key’s under the mat.” Hackers don’t even need fancy software to crack this password. Automated cracking tools try common passwords first, and “12345” is always at the top of that list. The password appears millions of times in leaked databases, yet Gen Z keeps using it like it’s some kind of secret code.
“password”
Using the actual word “password” as your password is like setting your burglar alarm code to 0000. Gen Z ranks this password as their fifth most common choice, which is frankly baffling.
Think about what sits behind that password. Your private messages, your bank details, photos you’d rather not share with the entire internet. All “protected” by a word that literally describes what it’s supposed to be. It’s usually in the first dozen attempts of any brute-force attack, which means your account could be compromised in the time it takes to make a cup of tea.
“Skibidi”
Now we’re getting properly generational. “Skibidi” – lifted straight from viral internet culture – sits at number seven on Gen Z’s password list. Using a meme reference for password security is peak Gen Z energy, but it’s also insecure.
The problem is that if millions of people recognise the reference, so do hackers. Internet slang isn’t obscure. It’s the opposite of obscure. Adding a viral trend to a password dictionary takes about five minutes, and suddenly “skibidi” is just as easy to crack as “password” or “12345.” Memes are meant to be shared, not used to protect your personal information.
“assword”
Here’s where things get a bit embarrassing. “Assword” – yes, that’s “password” without the “p” – appears as Gen Z’s tenth most common password. Someone thought being cheeky would make their password secure. Someone was very wrong.
Password crackers don’t just try dictionary words. They try common variations, including simple deletions or character removals. Taking the first letter of “password” is exactly the kind of lazy modification the cracking software checks automatically. A seven-character password made of only lowercase letters can be cracked instantly.
How to actually create safe passwords
Length matters more than most people realise. Security experts recommend at least 12 to 14 characters, though 16 gives you better protection. Mix in uppercase letters, lowercase letters, numbers, and symbols. The more random, the better. “MyCatFluffy2025!” feels creative but follows predictable patterns. “xj65kSFaj$jsk!.3” is genuinely hard to crack.
But let’s face it, remembering passwords like that is impossible. That’s why experts also recommend using a password manager to generate these complicated combinations and store them securely. You just need to remember one strong master password. The manager remembers everything else.
And don’t stop there! Add more layers of protection – turn on two-factor authentication whenever it’s offered. Someone might crack your password, but they’d still need your phone to get in. This extra step gives you more chances to stay safe.
Finally, your connection matters as much as your passwords do. Understanding what a VPN does becomes relevant when you’re logging into your account from coffee shops or other public spaces. A VPN encrypts the data travelling between your device and the internet, making it much harder for scammers sharing the same network to intercept your passwords or personal information.
Remember, growing up with technology doesn’t automatically mean understanding how to protect yourself online. These password choices prove that. Pick something better than “12345”.
