A new list of the nine most commonly leaked passwords in Germany has been published, shining a spotlight on the nation’s digital habits.
The Hasso Plattner Institute (HPI), a leading centre for digital engineering in Potsdam, released the findings to raise awareness on Data Protection Day on January 28th.
This year’s list reveals a familiar pattern: Germans still favour simple number sequences. Interestingly, it also appears to reveal a strong preference for English words over German ones when it comes to digital security.
The list compiled by HPI is based on the most commonly leaked passwords found on the dark web, which often reflect the most widely used passwords in the country.
The relationship is simple: the more a password is used, the more likely it is to be leaked in a data breach.
The following passwords, often found alongside private identities, show that many people still use the simplest combinations allowed.
But even seemingly complex passwords, like names mixed with birthdays and a special character, are often reused across multiple services – a risky habit that makes life easy for cybercriminals.
According to the researchers, the top nine most commonly leaked passwords in Germany are:
- 123456
- 123456789
- 565656
- 12345678
- hello123
- coffee cup
- 1234567
- password
- lol123
National variations
Germany isn’t necessarily more careless than its neighbours when it comes to password choices, but HPI’s data does reveal some fascinating differences across Europe.
“123456” tops the list in many countries, but in the UK, you’ll also find “qwerty” (the first six letters at the top left of a standard English-language keyboard), “sample123”, and football-inspired favourites like “liverpool” and “liverpool1”.
In Italy, popular passwords include first names such as “Guiseppe” and “Francesco”, as well as “ciaociao” and “amoremio”.
How to protect yourself online
Cyberfraud is a growing threat, with billions of stolen identities currently circulating online. The financial, professional and emotional consequences of data theft can be severe.
To help you stay safe, HPI and Germany’s Federal Office for Information Security (BSI) offer clear advice:
- Use long passwords (at least 15 characters) with a mix of upper and lower case letters, numbers and special characters.
- Never reuse the same password for different services.
- Use a password manager to keep track of your credentials.
- Change passwords if you suspect a security incident or if your password doesn’t meet these standards.
- Enable two-factor authentication (2FA) wherever possible.
- Consider using passkeys – a secure, password-free login method now offered by many services.
For extra peace of mind, HPI’s free Identity Leak Checker lets you see if your email address has appeared in a data leak. The Have I Been Pwned website offers a similar service.