123456 and "password": the top weak passwords of Russians in 2026

123456 and "password": the top weak passwords of Russians in 2026

      Analysis of data leaks for 2025-2026 showed: every third adult user in Russia uses a password that a hacker can crack in less than a second.

      The most popular passwords among Russians: anti-rating

      Cybersecurity experts analyzed leaked databases from the past 12 months and conducted a survey among 2000 Russians. The result is disappointing: trends do not change for years. At the top of the weak passwords are combinations that can be guessed by automated brute force in fractions of a second.

      Top 5 most popular passwords in Russia (2026):

      1 123456 < 1 second The simplest numerical sequence

      2 123456789 < 1 second Extended sequence

      3 password < 1 second Standard English word

      4 qwerty < 1 second First letters on the keyboard

      5 qwerty123 1 second Combination of sequence + letters

      Other common weak passwords:

       Names and surnames   (admin, user, mail, vladimir, tatyana, alexey). Birth years   (1980, 1985, 1990, 2000, 1977). City names   (moscow, kazan, spb, novosibirsk). Names of children and pet nicknames   (maxim, sofiya, rex, murka, barsik). Russian words in Latin script   (mama, papa, lubov, privet, rabota). Brands and trademarks   (nokia, samsung, toyota, lada, apple).

      Why this is dangerous: the arithmetic of hacking

      Modern hacking programs can try up to 10 billion combinations per second. Any password that consists only of digits (up to 9 characters) or a single dictionary word is cracked instantly.

      Example:

      Password  katya2010  (daughter's name + year of birth) — cracked in 3 seconds.

      Password  qwerty123  — in 1 second.

      Password  password  — in 0.5 seconds.

      If you use the same weak password for email, social networks, online banking, and government services — when data leaks from one site, hackers gain access to all your accounts. This is called  "credential stuffing."

      Expert opinion: what an ideal password looks like

      Mikhail Kamyshev, cybersecurity expert (quoted from provided data):

      "The ideal password in terms of protection against guessing is a random combination of characters of four types: uppercase Latin letters, lowercase Latin letters, digits, and special characters (!@#$%^&). Example: G7$kL9#pQ2@mN5xR"

      The problem: such a password is impossible to remember. You will have to store it in a password manager (for example, Bitwarden, KeePass, 1Password) or write it down on paper, which is also unsafe.

      An alternative recommended by specialists: the "long phrase" method

      It is much more practical to use a password phrase — 4-5 random, unrelated words. Such a password:

      is easy to remember visually (you can imagine an absurd picture);

      is hard to guess by brute force (even a supercomputer would take years).

      Examples of reliable password phrases (from expert materials):

      camel-lamp-noise-den-calcium

      zebra-brick-web-soup-hammer

      cup-airplane-grass-grosbeak-button

      Why this works: the length of such a phrase is from 25 to 40 characters. Even if an attacker knows that you use only Russian words in Latin script (vernblud-lampa-shum-berloga-kalciy), trying all combinations of 5 words from 200,000 possible ones is mathematically impossible.

      How to strengthen a password phrase: simple rules

      Add a random digit at the beginning or end (not a birth year). For example:  9-camel-lamp-noise-den-calcium.

      Replace one space with a special character  ( @ # $ % ^ & * ). For example:  camel@lamp-noise#den-calcium.

      Make the first letter uppercase in one or two words. For example:  Camel-lamp-noise-Den-calcium.

      Do not use well-known phrases, proverbs, song lyrics, or lines from poems — they are in dictionaries for brute force.

      What to do right now: 5 steps to security

      Step 1. Check your passwords for leaks

      Step 2. Change the most critical passwords

      First of all, protect:

      Email (through which access to everything else is restored).

      Government services and banking apps.

      Social networks.

      Step 3. Use a password manager

      Step 4. Enable two-factor authentication (2FA)

      Even if an attacker steals your password, without a code from SMS or an authenticator app, they will not gain access. 2FA must be enabled for email, banks, and government services.

      Step 5. Avoid using the same passwords on different sites

      Each service should have its unique password. For unimportant sites (forums, stores without money), simple combinations can be used, but for important ones — only complex ones or phrases.

      What not to do: main mistakes

       Writing passwords in a text file on the desktop  (viruses read them first).

       Storing a list of passwords in the cloud without encryption.

       Sending passwords to yourself in Telegram/SMS/WhatsApp  (messengers are not fully encrypted).

       Using the same password for personal and work accounts  (a leak at work means a hack at home).

       Creating passwords based on personal information that can be found in the public domain (date of birth, mother's maiden name, pet's nickname, favorite movie).

      Conclusion: one phrase that replaces "123456"

      Instead of typing  qwerty123  for the hundredth time and feeling relieved, spend  5 minutes  creating a password phrase. Example from life:

      Password  fish-umbrella-scooter-thermometer-cookie  is easy to remember by imagining a fish with an umbrella riding a scooter and measuring a cookie with a thermometer. And a hacker will be trying this combination for  up to 300 years  on a regular computer.

      Remember:  a weak password is not your fault, but your responsibility. While you were reading this article, automated bots have already made a million attempts to guess  123456  for other accounts. Don’t let yours be next.

      Yulia Kazamarova

      More news on the event:

      123456 and "password": top weak passwords among Russians in 2026

      Analysis of data leaks for 2025-2026 showed: every third adult user in Russia uses a password that a hacker can crack in less than a second

      The most popular passwords among Russians: 19:08 12.04.2026 News of Zainsk - Zainsk

      123456 and "password": top weak passwords among Russians in 2026

      Analysis of data leaks for 2025-2026 showed: every third adult user in Russia uses a password that a hacker can crack in less than a second

      The most popular passwords among Russians: 18:45 12.04.2026 Zainsk-inform - Zainsk

123456 and "password": the top weak passwords of Russians in 2026 123456 and "password": the top weak passwords of Russians in 2026 123456 and "password": the top weak passwords of Russians in 2026

Другие Новости Казани (Казань716)

A meeting with military personnel took place at the center for psychological and pedagogical assistance. A meeting with military personnel took place at the center for psychological and pedagogical assistance. This is the 52nd meeting held at the initiative of the head of the district, Razif Karimov. Another warm meeting took place with the participants of the SVO at the center for psychological and pedagogical assistance. 12.04.2026. Zainsk-Inform. Republic of Tatarstan. Zainsk. April 12 - Cosmonautics Day Dear residents and guests of our Tetyushi district! Please accept sincere congratulations on Cosmonautics Day! 12.04.2026. Tetyushi district. Republic of Tatarstan. Tetyushi. A meeting with military personnel took place at the center for psychological and pedagogical assistance. A meeting with military personnel took place at the center for psychological and pedagogical assistance. This is the 52nd meeting held at the initiative of the head of the district, Razif Karimov. Another warm meeting took place with the participants of the SVO at the center for psychological and pedagogical assistance. 12.04.2026. Zainsk-Inform. Republic of Tatarstan. Zainsk. The singer Marat Yarullin had his merchandise t-shirt stolen after the concert in Apastovo. The singer Marat Yarullin had his merchandise t-shirt stolen after the concert in Apastovo. The artist addressed the kidnapper on social media, calling his actions despicable and low. The artist spoke about the unpleasant situation in his social media. 04.13.2026. Komsomolskaya Pravda Kazan. Republic of Tatarstan. Kazan. Five people died in a terrible car accident in Tatarstan. The number of fatalities in the terrible traffic accident in the Alkeyevsky district of Tatarstan, which occurred on April 11, has reached five. 12.04.2026. Tatarstan-New Century TV and Radio Company. Republic of Tatarstan. Kazan. Astronomers from KFU in Kazan are developing precise methods for landing on the Moon. Astronomers from KFU in Kazan are developing precise methods for landing on the Moon. The marathon was organized by the regional GTRK. Our television and radio company presented two major pieces. 12.04.2026. GTRK Tatarstan. Republic of Tatarstan. Kazan.

123456 and "password": the top weak passwords of Russians in 2026

Analysis of data leaks for 2025-2026 showed: every third adult user in the Russian Federation uses a password that a hacker can crack in less than a second. The most popular passwords among Russians: 12.04.2026. Zainsk-Inform. Republic of Tatarstan. Zainsk.