Back to Posts Password Reset logo

Password Reset: Volume 2

Oct. 10, 2025

How Passwords Evolved and What Comes Next

Passwords have been around for thousands of years. Roman soldiers used “watchwords” to control access to their camps, changing them daily to maintain security. In the 1960s, MIT’s Compatible Time-Sharing System introduced the first digital password system, allowing multiple users to access a computer while keeping their data private.

Today, we rely on complex passwords, passphrases, and multi-factor authentication (MFA). But the future is moving toward passwordless authentication, where biometrics and hardware tokens promise stronger security and greater convenience.

The Passwords We Remember and Regret

The 2013 Adobe breach revealed some particularly amusing choices like "photoshop" and "adobe123", demonstrating professional software users often choose painfully obvious passwords.

Some passwords have become famous for their cultural impact or notoriety for their weakness:

  • "Open Sesame" from One Thousand and One Nights, a mythical password to unlock treasure
  • "00000000", reportedly used as a Cold War-era nuclear launch code
  • "Swordfish", immortalized by Groucho Marx in Horse Feathers
  • "Chuck Norris", once used internally at Facebook as a master password

On the flip side, here are the top 10 most common passwords in 2025, based on analysis of over 19 billion leaked credentials.

  1. 123456
  2. 1234567890
  3. qwerty
  4. password
  5. 12345
  6. qwerty123
  7. 1q2w3e
  8. 12345678
  9. 111111
  10. 1234567890

These passwords are easy to guess, often reused, and typically cracked in seconds. They remain popular despite years of warnings from cybersecurity experts.

Trophy case with a sign reading 'Password Hall of Shame' and trophies labeled with common weak passwords like '123456', 'password', and 'qwerty'.

What Makes a Strong Password

Security guidelines suggest creating passwords with a minimum of 12 characters that incorporate uppercase and lowercase letters, numbers, and special symbols. Passphrases such as “Elvis@Memphis&Rocky123” are typically both memorable and difficult to guess.

It is recommended to avoid using common patterns, dictionary words, or the same credentials across multiple accounts. Users should also be aware of phishing schemes that attempt to obtain passwords through deceptive means.

Password Managers: Your Digital Vault

At STACK Cybersecurity, we use Keeper to manage and protect passwords.

Keeper features:

  • Stores all passwords securely behind on master password
  • Monitors for breaches with BreachWatch
  • Generates strong, unique passwords
  • Offers emergency access for trusted contacts

Keeper's zero-knowledge architecture ensures encryption and decryption happen entirely on the user's device. This means Keeper never has access to your plaintext data. Only you do.

The Dark Web's Credential Crisis

The number of stolen account credentials available on the dark web has surged to an estimated 15 billion. These credentials are often sold in bulk, reused across platforms, and used to launch ransomware attacks, identity theft, and business email compromise (BEC).

NIST Updates Password Policy

A separate study showed 94 percent of leaked passwords are reused or weak. This reuse makes credential stuffing attacks highly effective.

Credential stuffing is a type of cyberattack where criminals use stolen usernames and passwords from one breach to try logging into other accounts. Because many people reuse passwords across multiple sites, attackers can gain access to email, banking, and business systems with minimal effort.

Looking Ahead: Passwordless Authentication

The future of authenticationis already here. Biometrics, hardware tokens, and single sign-on systems are replacing traditional passwords. These technologies reduce friction for users while increasing security, especially when paired with multifactor authentication.

Until passwordless becomes univeral, strong password hygiene remains essential.

Related Resources

Need help optimizing your passwords?

Call (734) 744-5300 or Contact Us to schedule a consultation with our team of professionals.

Cybersecurity Risk Assessment

Do you know if your company is secure against cyber threats? Do you have the right security policies, tools, and practices in place to protect your data, reputation, and productivity? If you're not sure, it's time for a cybersecurity risk assessment (CSRA). STACK Cyber's CSRA will meticulously identify and evaluate vulnerabilities and risks within your IT environment. We'll assess your network, systems, applications, and devices, and provide you a detailed report and action plan to improve your security posture. Don't wait until it's too late.

Schedule a Consultation Learn More