New research proves how important it is to use unique passwords – especially for your VPN

A Padlock on a keyboard
(Image credit: Alamy)

We've all heard the warnings countless times that using the same password in multiple locations is a cardinal sin, yet many still do. What's even more worrying is that in a new study, it seems that millions of people have been using duplicate passwords for their VPN. That's an absolute no-no. 

The results of the study by Swedish password manager and authentication provider Specops show that many users of the top VPN providers have had their passwords compromised. Even if you have one of the best VPNs in the world, using a duplicate password is akin to having an almost impenetrable castle, and then leaving the backdoor unlocked. 

With access to your VPN account credentials, hackers may be able to disable all of the protection that you get from using an encrypted connection, and even plant malware or steal sensitive data from restricted networks only accessible with the VPN. Given a lot of VPNs are used on work computers, that could be a nightmare. 

Poor password habits

The research reveals that over 2 million VPN passwords have been compromised over the past year, with the most passwords coming from the top consumer VPN providers. This makes sense, it's a lot easier to steal passwords through keyloggers and the like than it is to hack the most secure VPN services themselves.

A hand types on a laptop keyboard while the word PASSWORD and a login field are superimposed.

(Image credit: Daniel Chetroni/Shutterstock)

Of course, the best way to stop this kind of fraud happening is to use secure passwords and one of the best password managers, but sadly it seems people still don't. A 2024 Google poll found that 52% of Americans used the same password in multiple places. 

Of the more than 2,000,000 passwords stolen, the most popular were the usual suspects. Over 5,000 people used '123456' while the five next most popular passwords also consisted entirely of consecutive number strings. 554 people even used just 'password', for shame. 

The price of popularity 

As mentioned, some large VPN providers had a lot of users with compromised passwords. That makes sense as their larger customer base makes for a target-rich environment. 

Swipe to scroll horizontally
ProviderNumber of compromised passwords
Proton VPN1,306,229
ExpressVPN 94,772
NordVPN94,772

Of the 2.1 million VPN passwords compromised, a huge 1.3 million were from Proton VPN, with 98,000 from ExpressVPN and 89,000 from NordVPN. But as I mentioned, that's not to say these services are insecure. It is in fact a comment on the security of these services that it is the human element (the choice of passwords) that hackers are preying on. 

So why is Proton VPN by far the most represented provider in the list of victims? Well, that's because it offers one of the best free VPNs, giving it a massive amount of users. 

In short, this research shows that no matter how effective your privacy software is, that means nothing if you're not using a unique password.

Andy is a freelance writer with a passion for streaming and VPNs. Based in the U.K., he originally cut his teeth at Tom's Guide as a Trainee Writer before moving to cover all things tech and streaming at T3. Outside of work, his passions are movies, football (soccer) and Formula 1. He is also something of an amateur screenwriter having studied creative writing at university.

Read more
Surfshark graphic of 2024 data breaches
Nearly 700 million American records were leaked in 2024
VPN on phone in front of US flag
43% of Americans use VPNs – should you?
VPN app on mobile phone
Are VPNs safe?
Red computer security warning
2.8 million IP addresses being used in brute force attack on VPNs
Graphic of fibre optic cables attacking code
An estimated 46,000 VPN servers are vulnerable to being hijacked
Best password managers
The best password managers in 2025
Latest in VPNs
VPN on phone in front of US flag
43% of Americans use VPNs – should you?
PIA
What is MACE from Private Internet Access?
ExpressVPN
Claim a week of ExpressVPN for free – we don't know when it's going to end
Flag of Iran flying
80% of Iranians are using VPNs to access the internet – but could government restrictions loosen?
VPN on smartphone in front of Pakistan flag
Pakistan has granted its first VPN licenses – but does this guarantee long-term legality?
French flag with silver padlock and chain in front of it
Leading VPNs could leave France due to blocking threats
Latest in News
Switch 2 and Mario
Nintendo Switch 2 key specs just revealed in new FCC filing
iPhone 17 Pro render
Apple iPhone 17 lineup revealed in new video leak — what they could look like
Honor Magic V teaser image
Watch out, Galaxy Z Fold 7 — Honor Magic V4 leak just revealed a killer foldable
Rachel Weisz as Marlee in "Runaway Jury"
Netflix top 10 movies — here’s the 3 worth watching right now
A young blonde woman watches tv in bed before she goes to sleep
This common nighttime routine ‘mistake’ may actually help you fall asleep faster, says expert
Google Maps
Google Maps just got a huge iPhone-inspired upgrade with Android 16 beta — here's how it works