A recently released research paper titled “Top 200 Most Common Passwords” underscored the ongoing security risks posed by weak, easily guessed passwords worldwide.
In the Philippines, according to the sixth edition of the annual report from password manager app developer NordPass, “123456” is the most popular password both locally and globally, showcasing a trend where simple numeric sequences dominate. Despite frequent warnings from cybersecurity experts, people still gravitate toward convenience, using basic keyboard combinations like “qwerty,” “123456789,” and “password.”
Notably, the Philippines’ second most common password, “qwerty123,” exemplifies how users added minimal complexity without significantly improving security. Additionally, culturally familiar and emotionally resonant choices, such as “iloveyou,” “secret,” and “Blink123,” revealed that Filipinos favored memorable passwords, even if they were insecure.
Globally, 78 percent of the most common passwords could be cracked in less than a second, an increase from last year’s 70 percent, suggesting a regression in overall password strength. This year’s study also delved into corporate password practices, revealing that 40 percent of commonly used passwords overlap between personal and work accounts. Common corporate defaults like “admin,” “welcome,” and “newuser” are often retained instead of being changed, further exposing organizations to risks.
As Karolis Arbaciauskas, NordPass’ head of business product, noted, people’s password choices are driven by convenience and personal habits, which, if unmanaged, can compromise corporate security.
With people juggling hundreds of passwords across personal and professional accounts, weak and reused passwords remain an easy target for hackers. Often, attackers could exploit these vulnerabilities to access company IT systems, either by brute-forcing common passwords or by leveraging leaked credentials used interchangeably across personal and work accounts.
Properly manage passwords
To avoid falling victim to cyberattacks because of irresponsible password management, here are simple but effective cybersecurity practices to follow:
– Create strong passwords or passphrases. Passwords should be at least 20 characters long because the latest studies show that longer passwords can do wonders. A secure password consists of a random combination of numbers, letters and special characters. Alternatively, you can use a passphrase. Imagine it as a long string of random words — it shouldn’t be a line everyone knows.
– Never reuse passwords. The rule of thumb is that each account should have a unique password because if one account gets stolen, hackers can use the same credentials for other accounts.
– Switch to passkeys wherever possible. Passkeys are considered the most promising alternative to replace passwords for good. Most modern online service providers, including Google, Microsoft and Apple, offer passkey support for their clients.
– Set up a password policy in your organization. Password managers allow companies to safeguard their credentials and effectively manage them, setting up password rules within the organization. Multi-factor authentication (MFA) requirements should also be considered when adopting a password policy.
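The recommendations above can be expressed as a password-policy check. The following is an added example, not code from NordPass or from this article; the function names are hypothetical, the denylist holds only the passwords named in the article, and the reuse check assumes the caller already has the user's other passwords (in practice a password manager reports reuse).

```python
import re

MIN_LENGTH = 20  # minimum length recommended in the article

# Passwords and corporate defaults named in the article (lower-cased).
COMMON = {
    "123456", "123456789", "qwerty", "qwerty123", "password",
    "iloveyou", "secret", "blink123", "admin", "welcome", "newuser",
}


def base_form(password):
    """Lower-case and drop trailing digits/symbols: 'Qwerty123!' -> 'qwerty'."""
    return re.sub(r"[\d\W_]+$", "", password.lower())


# Bases of the common passwords, so minimal additions are still caught.
COMMON_BASES = {base_form(p) for p in COMMON} - {""}


def check_password(candidate, existing=()):
    """Return a list of policy violations; an empty list means accepted.

    existing: passwords already used on other accounts (assumed input).
    """
    problems = []
    lowered = candidate.lower()

    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")

    # Common password, a common password with digits/symbols appended,
    # or a common password repeated only to reach the length minimum.
    repeated = any(lowered.replace(c, "") == "" for c in COMMON)
    if lowered in COMMON or base_form(candidate) in COMMON_BASES or repeated:
        problems.append("common")

    if candidate in existing:
        problems.append("reused")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["123456", "Qwerty123!", "passwordpasswordpassword",
               "copper-lantern-orbit-walnut"]:
        print(pw, "->", check_password(pw) or "accepted")
```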