The latest research shows that contrary to expectations, the generation labeled as digital natives—Generation Z—is setting weaker passwords than their grandparents. The Focus Keyword Gen Z weaker passwords appears in the title, slug, meta description and throughout this article.
What the Study Found
A recent analysis by password-manager firm NordPass found that Generation Z’s most common password choice was “12345”, a known weak sequence.
By contrast, older generations such as Baby Boomers and Generation X opted for “123456”, which is still weak, but marginally stronger.
More details:
- Among users born in 1997 or later (Gen Z), “12345” topped the list.
- For Millennials, Gen X and Boomers, “123456” remains the most common choice.
- The study also noted that 32 out of the top 200 passwords this year included a special character (e.g., @), up from just 6 last year.
Why It Matters
Weak passwords = easy targets
Very simple sequences like “12345” or “123456” are among the first tried by attackers using automated tools or credential-stuffing. The fact that Gen Z favours these basic strings means their accounts may be at greater risk.
The myth of digital native security
It’s often assumed that Gen Z, having grown up online, would have better cyber hygiene. But the study debunks that assumption. As one report put it, “We tend to assume younger generations … possess an innate understanding of cyber security … our research has debunked this misconception.”
Reuse and laziness amplify risk
Beyond mere password choice, Gen Z also shows higher likelihood of password reuse. One survey cited 72 % of Gen Z respondents reused credentials across multiple platforms, while only 42 % of Boomers did the same.
Behind the Behaviour: Why Is This Happening?
Several factors may explain why Gen Z is lagging in this area:
- Convenience over caution: With many services offering biometrics, auto-login, social sign-in, Gen Z may prioritise convenience and skip stronger password creation.
- Overconfidence in modern tools: Some younger users may rely on two-factor authentication or passkeys and assume the password doesn’t matter much.
- Fatigue and overload: Having grown up managing dozens of accounts (social, gaming, streaming) makes maintaining unique strong passwords tedious.
- Mis-prioritised risk perception: If an account seems low-value (e.g., a gaming site or forum), users may not feel the need to guard it with a strong password—even though weak links can lead to broader compromise.
What Experts Recommend
- Use a password manager to generate and store unique, complex passwords rather than re-using simple ones. (Recommended by NordPass)
- Enable multi-factor authentication (MFA) wherever possible to add an extra layer of defence.
- Avoid easily guessable sequences (e.g., “12345”, “password”, “admin”) and default device passwords. The analysis noted “admin” was still among the most common used globally.
- Consider passkeys or biometric sign-in where supported: these moves are gaining momentum and may reduce reliance on simple passwords altogether.
- Regularly review and update your passwords, especially for critical accounts (email, banking, social) where compromise can cascade.
Implications for Organisations & Individuals
For organisations
Companies employing Gen Z staff should treat the findings seriously: weak password practices among users translate into risk for IT infrastructure, data breaches, phishing susceptibility and compliance issues. Security training needs to focus on behaviour change, not just awareness.
For individuals
If you’re part of Gen Z (or have younger family members), it’s a good moment to rethink your password habits. A weak or reused password might seem harmless until it is exploited to gain access to more sensitive systems (via password reuse or lateral attacks).
Conclusion
The evidence is clear: despite growing up immersed in digital technology, Gen Z’s password habits are surprisingly weak—often worse than older generations. The Focus Keyword Gen Z weaker passwords has been integrated throughout for SEO.
Strong passwords alone don’t guarantee security—but weak ones invite risk. As cyber-threats escalate, this generation (and the wider population) needs to catch up fast. The good news: adopting password managers, MFA and modern alternatives like passkeys can help turn the tide.
