A new study into online security behaviour indicates that Generation Z have poorer password habits than older age groups. Research by password manager NordPass found that the most common password among those born after 1997 is the simple numerical sequence “12345”, closely followed by other predictable number strings. The word “password” also featured in the top ten, alongside the trending term “skibidi”.
++ The peregrine falcon: nature’s fastest killer in the sky
By comparison, Baby Boomers – born between 1946 and 1964 – most frequently opted for “123456”. The same password also proved the top choice among Millennials and Generation X, although it offers only marginally better protection.
The report challenges assumptions that younger internet users, often regarded as “digital natives”, possess stronger cybersecurity awareness.
“We tend to believe younger generations inherently understand online risks because they have grown up with technology, but our findings contradict that idea,” the authors noted.
Despite years of cybersecurity campaigns, the researchers said there had been little progress in improving everyday password practices. Similar conclusions emerged earlier this year from Bitwarden, which surveyed thousands of workers across Australia, France, Germany, Japan, the UK and the US. It found that 72 per cent of Gen Z respondents reuse passwords across multiple accounts, compared with just 42 per cent of Baby Boomers.
However, younger users appear more willing to adopt modern security tools, including biometrics, passkeys and two-factor authentication. A scams report released by Google in June showed that Gen X and Baby Boomers still rely heavily on traditional passwords as their primary login method.
“Digitally native Gen Z users are moving away from outdated security norms, choosing more advanced authentication systems,” said Evan Kostovinos, Google’s vice president for privacy, safety and security. He added that while infrequent password updates may seem careless, a shift towards safer and more convenient sign-in alternatives is ultimately beneficial.
++ Government moves to assure fuel security amid Lindsey refinery collapse
Major technology companies, including Google, continue to advocate for a gradual move beyond passwords, arguing that the long-standing method is inconvenient and increasingly vulnerable to phishing attempts and data breaches.
