In 2025, cybersecurity in France faces a reality as perplexing as it is worrying: the passwords used by internet users remain astonishingly weak. The latest ranking established by NordPass reveals that despite the increase in cyberattacks, the French do not abandon their bad habits regarding IT security. Simple words like “admin,” “123456,” or “password” unfortunately remain at the top of the lists of most chosen passwords. The security blooper reel thus continues to grow, highlighting the glaring vulnerability of millions of users. This normalization of risk raises an essential question: what to do in the face of this persistence of weak passwords that jeopardize the protection of individual and professional data?
At a time when one in two data breaches is attributed to insufficient access security, understanding this issue and its dynamics is more necessary than ever. Through this article, we will explore the ins and outs of this situation, the psychological and technical reasons explaining this persistent choice of passwords that are both simple and ineffective, and possible solutions to break this vicious cycle. Because cybersecurity, far from being a boring obligation, is a matter of trust, comfort, and shared responsibility.
- 1 France 2025: the ranking of weak passwords defying cybersecurity
- 2 Young and elderly: same mistakes, same carelessness regarding weak passwords
- 3 What are the real IT risks linked to weak passwords?
- 4 How to progress in the face of the threat: advice and best practices against weak passwords
- 5 The security blooper reel: the most unusual and surprising passwords in France 2025
France 2025: the ranking of weak passwords defying cybersecurity
The annual NordPass report has shed light on what many suspected but often refuse to admit: in France, in 2025, the choice of passwords remains overwhelmingly in the very weak zone. Among the top 20 most used passwords, “admin” sits at the top, followed by the classic “123456,” then “password.” These simplistic and popular choices reflect a historical negligence towards IT security.
But this ranking is not limited to universal terms. The French also show local specificities in their choices, such as “azerty,” a mirror of the traditional keyboard, or unexpected words like “poisson” (fish) and “gazeuses” (soft drinks), which are ultimately part of a common lexicon rather than a thoughtful data protection strategy. This highlights a tendency to favor memorability at the expense of strength.
This continuity in weak passwords is also explained by a often mistaken perception of the threat. For many, increased complexity means discomfort and forgetfulness, which leads to excessive reuse of the same words or extreme simplicity. Yet, 80% of data breaches would be directly linked to this weakness in protections.
| Position | Password | Origin / Particularity | Associated IT Risks |
|---|---|---|---|
| 1 | admin | Default administration word | Immediate access to sensitive accounts |
| 2 | 123456 | Simple series of numbers | Easy and automated decryption |
| 3 | password | Generic English words | Exposed to dictionary attacks |
| 4 | azerty | French keyboard | Predictable by geolocation |
| 5 | poisson | Common term, simple word | Vulnerable to targeted attacks |
| 6 | gazeuses | Everyday word | Low robustness |
This table gives a precise idea of the major flaws in password management. It is obvious that this trend can only increase the risks of cyberattacks against both individuals and companies.
Why so much password vulnerability persists
Several psychological and practical reasons explain why users do not change their habits. First, the comfort provided by a simple password: easy to memorize, to type quickly, and unlikely to cause a lockout in case of forgetfulness. Then, the lack of knowledge or denial of the actual seriousness of the risks involved. Awareness campaigns, although numerous, struggle to sustainably change behavior, especially if technology does not promote the adoption of strong solutions like password managers.
- Fear of forgetting leading to choosing a simple word
- Illegitimate reuse of the same words across multiple accounts
- Use of familiar or cultural words to maintain memorability
- Wrong assumption that a few symbols are enough to secure
- Difficulty using tools to manage complex passwords
The vicious circle is thus complete. To break this chain, a joint effort from users, site designers, and competent authorities is needed through better ergonomics, targeted awareness, and strengthened minimum requirements.
Young and elderly: same mistakes, same carelessness regarding weak passwords
A surprising observation reinforces this security blooper reel: indifference to IT risks knows no generation. 18-year-olds show practices identical to those of 80-year-olds. Karolis Arbaciauskas, expert at NordPass, points out that password habits are extremely similar, even if millennials and Generation Z sometimes introduce terms from popular culture or local slang.
This generational homogeneity in password weakness is partly explained by social and educational behaviors. The lack of in-depth cybersecurity training in schools and professional environments creates fertile ground for negligence.
- Frequent use of simple or repeated numeric sequences
- Popular cultural references as substitutes for strong words
- Lack of real integration of cybersecurity in curricula
- Casual attitude towards online account protection
- General absence of automated tools usage to strengthen security
A detailed analysis of behavior also reveals that this phenomenon is not only cultural but also technological: the absence of strong validation mechanisms on certain services encourages even greater laxity.
| Age range | Preferred types of passwords | Common examples | Impact on data protection |
|---|---|---|---|
| 18-30 years | Slang, cultural references, easy numbers | cool, 1234, freestyle | Low protection, increased risk |
| 60 years and over | Numeric sequences and simple everyday words | password, 1111, toto | Exposure to cyberattacks |
What are the real IT risks linked to weak passwords?
Facing this cybersecurity blooper reel represented by the persistence of weak passwords in France 2025, it is crucial to understand the real risks involved. A weak password often constitutes the first vulnerability exploited by hackers during a cyberattack. In 80% of cases, data breaches are attributed to reuse or weakness of passwords.
The consequences are not only financial. They also affect privacy, trust in digital environments, as well as service availability. Hacking an email or bank account, compromising sensitive personal data, spreading ransomware, or identity theft are all threats incurred.
- Theft of sensitive personal information
- Hijacking of bank or professional accounts
- Damage to digital reputation
- Spread of malware and ransomware
- Risks of compromise of confidential company data
The weakness of passwords facilitates hackers’ work who have increasingly sophisticated tools to break these protections. It should also be noted that some so-called “complex” fake passwords (for example, admin@123) are easily detected and bypassed by hacker algorithms.
| Risk type | Description | Concrete example |
|---|---|---|
| Data theft | Unauthorized access to private information | Customer data leak from a company |
| Identity theft | Fraudulent use to deceive a third party | Creation of fake profiles on social networks |
| Financial impact | Loss of money following bank hacking | Theft from an online bank account |
| Ransomware | Access blocking of data against ransom | Targeted attack on a hospital or SME |
How to progress in the face of the threat: advice and best practices against weak passwords
The fight against weak passwords is an absolute priority to strengthen individual and collective cybersecurity. Several methods can improve data protection while limiting user frustration.
Firstly, the systematic adoption of password managers is essential. These tools generate complex and unique alphanumeric strings for each account. They also offer centralization and secure backup of access credentials.
Furthermore, implementing multifactor authentication (MFA) becomes essential. Adding a second factor, whether a smartphone, a physical key, or biometrics, greatly complicates the hacker’s task who manages to obtain a weak password.
- Use of a recognized password manager
- Creation of long and unique passwords (minimum 12 characters)
- Activation of two-factor or multifactor authentication
- Never reuse the same password on different services
- Regularly update passwords and their associations
Finally, continuous awareness, notably in schools, companies, and for the general public, is an indispensable lever to change mindsets. Developers and administrators must also integrate minimum robustness requirements from the design stage to prevent the creation of overly weak passwords.
| Solution | Advantages | Limits |
|---|---|---|
| Password manager | Simplifies generation and memorization | Learning required and trust in the tool |
| Multifactor authentication | Enhanced protection through second factor | Can be cumbersome or sometimes unavailable |
| Regular password changes | Reduces accumulation risks | User fatigue, risk of errors |
The security blooper reel: the most unusual and surprising passwords in France 2025
The NordPass ranking did not only deliver a list of weak passwords; it also revealed surprisingly original choices that contribute to this great cybersecurity blooper reel. Beyond the classics, there is a range of unusual terms, often inspired by everyday objects, food, or cultural references.
Among these curiosities, “poisson” (fish) or “gazeuses” (soft drinks) surprise by their unexpected appearance. The fact that such trivial terms appear in the top 20 clearly shows the absence of a coherent strategy in access protection. These words are easy to remember but just as easy to guess, especially when linked to language and local culture. This trend illustrates that risk does not always rhyme with complexity, but often with excessive familiarity.
- Everyday terms such as “poisson”
- Words related to food or drinks
- French linguistic references, for example “azerty”
- Whimsical choices without security concerns
- Common patterns despite apparent diversity
This phenomenon urges reflection on cybersecurity education: how to convince users to go beyond their comfort zone to adopt truly securing habits? It is a major challenge for 2025. The persistence of these easily replaceable words must be a warning signal for all data protection stakeholders.
| Password | Origin | Why it’s risky |
|---|---|---|
| poisson | Common, simple name | Too easy to guess, especially in France |
| gazeuses | Common word | Lack of complexity, predictable |
| chocolat | Popular food | Often in dictionaries used by hackers |
| azerty | Keyboard layout | Easy to guess through geolocation |
| bonjour | Simple expression | Vulnerable password |
