Connect with us

Hi, what are you looking for?

White Papers

‘admin’ is most common password in PH in 2023

In addition to the 200 most common passwords worldwide and comparison among 35 countries, this year the study explored what passwords people use for different services, and whether they vary or not.

Photo by @franckinjapan from Unsplash.com

In 2023, “admin” was the most common password among Filipinos, as revealed by the fifth annual NordPass study. In addition to the 200 most common passwords worldwide and comparison among 35 countries, this year the study explored what passwords people use for different services, and whether they vary or not.

Passwords Filipinos loved in 2023 — the usual suspects and global trends

Amongst the 20 most common passwords in the Philippines, which are listed below, are both the same-old worst offenders and some newcomers. The full list with global passwords, separate lists for 35 countries, and 8 platform types are available here: https://nordpass.com/most-common-passwords-list/.

  1. admin
  2. 123456
  3. 12345678
  4. 123456789
  5. password
  6. 12345
  7. Password
  8. 1234567890
  9. 12345678910
  10. user
  11. smartbro
  12. learning
  13. admin123
  14. P@ssw0rd
  15. greatnews
  16. qwerty123
  17. iloveyou
  18. coffee1234
  19. wisdom
  20. 1234567

While passwords in every country, including the Philippines, vary greatly, there are some clear global trends. 

  1. The study concludes that people use the weakest passwords for their streaming accounts. In contrast, the strongest passwords are used for financial accounts.
     
  2. Instead of improving password creation habits, internet users have gone in another direction by sticking to already pre-configured passwords. The word “admin”, which, most likely, is one of the passwords that people do not bother changing, made it as this year’s most common password in the Philippines and many other countries.
     
  3. Internet users love numbers in their passwords. This year, the world’s most common password “123456” is ranked second in the Philippines. In fact, almost a third (31%) of the world’s most beloved passwords this year consist of similar numerical sequences.
     
  4. Love also serves as an inspiration for people’s passwords. In the Philippines, “iloveyou” makes one of the most common passwords. Similarly, “valentine” is trending in Belgium and “Sexy1234” in South Africa.
     
  5. Last year’s global winner “password” is not leaving internet users’ passwords. In the Philippines, “password,” “Password,” and “P@ssw0rd” are highly popular passwords this year. The same trend is observed in other countries, including Germany, Mexico, and others.
     
  6. As many as 70% of the passwords in this year’s global list can be cracked in less than a second.

*Data presented in this study does not represent absolute password usage worldwide. Researchers analyzed a sample of passwords extracted from publicly available sources, including those on the dark web.

Streaming accounts are protected with the weakest passwords

The study also revealed what kind of passwords people use for different platforms and whether they vary in strength.  

The weakest passwords are used to secure streaming accounts. According to Tomas Smalakys, chief technology officer (CTO) at NordPass, this could be associated with people jointly managing shared accounts and using easy-to-remember passwords for convenience.

Advertisement. Scroll to continue reading.

Unsurprisingly, people pay more attention to accounts they associate directly with money.  Therefore, they use the strongest passwords for their financial services.

Hackers target passwords saved on browsers

To find out about passwords internet users employ for different platforms, researchers analyzed a 6.6 TB database of passwords, exposed by various stealer malware, which experts consider a huge threat to people’s cybersecurity.

Malware attacks are particularly dangerous because malware logs contain a vast amount of information about the victim. For example, malware can steal information saved in your browsers, such as passwords and other credentials, source website cookies, autofill data. In addition to that, it can also steal files from its victim’s computer, as well as system details such as OS version or IP address.

“The scariest part is that victims might not even realize that their computer is infected. Bad actors tend to hide malware in well-crafted phishing emails, imitating a legitimate organization, such as your bank or your company,” says Smalakys. 

The future of passwords

Throughout the five years of NordPass conducting this research, “123456” was the top password four times. According to Smalakys, this is a clear sign that change in authentication is essential.

Advertisement. Scroll to continue reading.

Passkeys are a new form of authentication. The essence of this technology is that the user doesn’t need to come up with a password — everything is done automatically. When joining a website that supports passkeys, the user’s device generates a pair of related keys — public and private. The private key is saved on the device itself and the public key is stored on the website’s server. Without each other, they are useless. If the user is successfully identified by their biometrics, the passkeys are matched and the user successfully signs in.

“This technology will help eliminate lousy passwords, thus making users more secure. However, as with every innovation, passwordless authentication will not be adopted overnight. Being amongst the first password managers to offer this technology, we can see that users are more and more curious to test it out. However, there’s still a lot of work to be done and password security still remains a matter of today,” says Smalakys.

Tips for secure credentials’ management

While passkeys are still making their way to the mainstream, password and cybersecurity hygiene remains of utmost importance.

  1. Create long and complex passwords. “123456 just doesn’t cut it anymore,” says Smalakys. Easy-to-guess passwords essentially equal unlocked house doors, which is why he advises using 20 character-long random passwords containing uppercase and lowercase letters, symbols, and numbers.
     
  2. Avoid storing your secrets on your browser and adopt a password manager. With stealer malware attacks targeting credentials on browsers, third-party password management software are considered a more secure choice for credential storage.
     
  3. Start adopting passkeys. An increasing number of websites are now offering the option to access accounts with passkeys instead of passwords. While passkeys won’t completely replace passwords just yet, they are definitely the future of authentication.
     
  4. Stay vigilant. In order to protect yourself from stealer malware, pay close attention to anything that you download onto your computer. Malware is often distributed via phishing emails — so learn how to recognize them.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

Advertisement