Weak passwords like '123456' remain the most common in Vietnam despite warnings

NordPass, which specializes in tracking leaked login credentials and online security threats, said in its latest annual report released over the weekend that "123456" was the most common password, used 1.9 million timesor more than twice the usage of second-placed "123456789."

Similar numeric patterns dominated the top 10 list. Also popular were common text-based passwords such as "admin" and "Demo@123."

Globally, "123456" remained the most used password, appearing over 21.6 million times, followed by "admin" at more than 21 million.

The most common passwords used in Vietnam in 2025. Photo from NordPass

The report said geography and culture play a major role in how users around the world create passwords, as common local first names and surnames often appear in them. In Vietnam, "nguyen" was among the most commonly used names.

For years "123456" has topped NordPass’s global list of the most used passwords.

Experts constantly warn users against relying on such codes, which can be cracked within seconds by hacking tools, especially with AI-powered systems.

Last year the U.K. became the first country to prohibit weak passwords such as "123456" and "admin" to help prevent cyberattacks.

Amid growing concerns over password vulnerability, many companies have begun adopting password-free authentication systems, the most popular being passkeys.

Microsoft said in December 2024 that its users should remove passwords from their accounts, stating "The password era is ending" and that it aims "to convince a billion users to love passkeys."

A passkey replaces traditional passwords and two-factor authentication (2FA) with account verification linked to users’ devices and secured with fingerprints and facial recognition.

Unlike passwords, this means a passkey cannot be leaked or stolen as they require a physical device, and unlike 2FA, they cannot be intercepted or bypassed. Its only drawback is that it requires an Internet connection.