SHAH ALAM - Despite years of warnings from cybersecurity experts, Malaysians are still relying on extremely weak passwords, with '123456' once again emerging as the most commonly used password in the country.
The finding comes from the latest Top 200 Most Common Passwords report released by password management service NordPass in collaboration with NordStellar. Now in its seventh edition, the annual study analysed leaked password databases worldwide, covering usage habits across 44 countries.
Malaysia was among the countries highlighted and the results show little improvement from previous years.
According to the report, '123456' appeared 221,833 times, solidifying its position as the nation’s most favoured password, unchanged from last year. Other popular choices include repetitive numbers, simple keyboard patterns and basic alphanumeric mixes.
Below are the top 20 passwords used by Malaysians:
- 123456
- 111111
- qwerty123
- admin
- 12345678
- Aaa111
- Asd123
- password
- abcd1234
- Ana111
- abc123
- 123456789
- 888888
- [email protected]
- P@ssw0rd
- 12345
- 12345678910
- ppppppp
- Abcd1234
- 1234qwer
NordPass said the rankings reveal that Malaysians remain heavily dependent on predictable combinations that hackers can crack in seconds using brute-force tools.
"Simple words, number strings and keyboard sequences continue to dominate the list. Seven of Malaysia’s top passwords consist solely of basic numbers, while six more use the most elementary mix of letters and digits," the company said.
The global trend mirrors Malaysia’s, with '123456,' 'admin,' and '12345678' topping worldwide lists as well.
The study also noted a rise in the use of special characters this year. However, many of these passwords were still considered weak because users simply replaced letters with symbols in predictable ways. Examples include 'P@ssw0rd,' 'Admin@123,' and 'Abcd@1234.'
The term 'password' itself continues to be a global favourite, appearing both in English and in local translations such as 'heslo' (Slovak), 'salasana' (Finnish), 'motdepasse' (French), and 'contraseña' (Spanish).
Despite the digital awareness campaigns held over the years, NordPass said improvements in password security remain minimal.
How Malaysians Can Protect Themselves
NordPass shared several basic steps Malaysians can take to strengthen their digital security:
- Create strong, random passwords of at least 20 characters.
- Do not reuse passwords across multiple accounts.
- Audit passwords regularly to identify weak or outdated ones.
- Use a password manager to generate and store unique passwords securely.
- Enable multi-factor authentication (MFA) wherever possible.
As cybercrime continues to rise, experts warn that even one weak password could expose users to hacking, fraud and identity theft.