Password manager NordPass has released the sixth edition of its annual Top 200 Most Common Passwords research, revealing the most common passwords worldwide and including the Philippines.
Below are the top 20 most common passwords in the Philippines.
- 123456
- qwerty123
- qwerty1
- 123456789
- 12345
- 12345678
- password
- iloveyou
- qwerty
- Blink123
- 1234567890
- secret
- 1234567
- 123123
- Qwerty123
- Qwerty123!
- Qwerty1!
- Sample123
- Qwerty1234
- Qwerty1
NordPass, which partnered with NordStellar to run the study, concludes that this year’s list again includes the worst possible choices for passwords. However, some trends are radically new and worth exploring.
Almost half of the world’s most common passwords this year are made of the easiest keyboard combinations of numbers and letters, for instance “qwerty,” “1q2w3e4r5t,” and “123456789.” The Philippines is no exception, with such passwords leading the list.
With experts repeatedly urging Internet users to make their passwords stronger, many seem to have misunderstood the assignment. The popularity of “qwerty” has been challenged by similarly weak “qwerty123,” which is now the most common password in Canada, Lithuania, the Netherlands, Finland, and Norway. In the Philippines, this password also made a huge jump this year, reaching the second place.
The word “password” can now be considered one of the most common and enduring passwords. Year after year, it ranks at the top of every country’s list. In the Philippines, it is the second most-used password. For the British and Australians, it is the number one choice.
Filipino passwords revealed a mix of sentimentality and hints of pop culture. Phrases like “iloveyou” and “secret” showcase a preference for familiar, emotionally resonant words, adding a personal touch to password choices.
The unique “Blink123” suggests possible pop culture influence, perhaps reflecting fandoms or personal interests. This approach shows that many Filipinos lean toward memorable, meaningful words, even if they may not be the strongest security choices.
In the Philippines, “123456” holds the top spot as the most popular password, aligning with a global trend where this simple sequence remains the go-to choice in many countries.
According to the study, 78% of the world’s most common passwords can be cracked in less than a second. Compared to last year (with 70%), this tells that the situation has worsened.
Digging deeper, researchers additionally investigated how the passwords used both for personal and work use differ. The results are surprising — 40% of the most common passwords used among individuals and business representatives are the same.
Nevertheless, experts noted some interesting differences too. Default passwords such as “newmember,” “admin,” “newuser,” “welcome,” and similar are more commonly used for business accounts.
Passwords presumably created for new users with an idea that they will change them, such as “newpass”or “temppass,” also often get leaked because people are not big fans of changing their passwords.
“No matter if I wear a suit and tie at work or I’m scrolling through social media in my pajamas, I am still the same person. This means that regardless of the setting I am in, my password choices are influenced by the same criteria — usually convenience, personal experiences, or cultural surroundings. Businesses ignoring these considerations and leaving password management in their employees’ hands risk both their company’s and clients’ security online,” said Karolis Arbaciauskas, head of business product at NordPass.
According to the previously conducted survey by NordPass, on average, a single Internet user has 168 passwords for personal use and 87 passwords for work use. While managing this load is simply too complicated for most, experts say that it is only natural that people tend to create weak passwords and, of course, reuse them.
However, weak passwords created by company employees serve hackers because with brute-force, dictionary, or similar large-scale attacks they can gain easy access to the company’s internal IT systems. In another common scenario, hackers break into the company using the leaked personal credentials of an employee just because they used the same passwords for both personal and work accounts.