Malaysia needs to focus on stronger passwords – “123456” doesn’t cut it!
- NordPass study shows widespread use of weak passwords like ‘123456’, emphasizing the need for stronger passwords.
- The report highlights passkeys as a promising solution for stronger cybersecurity.
- Streaming services in particular are in dire need of stronger passwords.
NordPass is renowned for its track record of analyzing password trends, often uncovering patterns that recur like timeless classics. This year, however, there’s a twist in its findings. NordPass has identified certain patterns, particularly in specific types of platforms. The increasing buzz around passkeys also brings to light the question of more effective user authentication methods.
In 2023, ‘123456’ emerged as Malaysia’s most commonly used password, according to the latest annual NordPass report. The study not only reviews the top 200 global passwords but also provides comparisons across 35 countries, focusing on password preferences for different services and any variations that exist.
Malaysia’s call for stronger passwords: the ‘123456’ lovers
The significance of World Password Day, held annually, is underscored by the persistence of commonly used, yet insecure passwords. The 20 most used passwords in Malaysia, featuring the usual suspects and some new entries, are listed below. For a comprehensive list, including global passwords, specific lists for 35 countries, and eight platform categories, see the full NordPass report.
Password preferences vary globally, but certain trends are consistent. The NordPass study revealed that accounts on streaming services tend to be protected by the weakest passwords, while financial accounts tend to have the strongest. In Malaysia and worldwide, ‘123456’ is the most common password, with around a third (31%) of the most popular passwords consisting of simple numerical sequences. Interestingly, passwords inspired by lemonade brand names have also gained popularity. Malaysians often opt for ‘Candycan1’, while Estonians prefer ‘Kelluke12’, potentially a nod to a local beverage.
Many users still default to basic passwords instead of creating more secure ones. ‘admin’, a commonly unchanged preset password, is one of this year’s most popular passwords in Malaysia and in several other countries, suggesting a worldwide comfort with the default. The long-standing choice of ‘password’ remains the favorite, with variants like ‘P@ssword.123’ and ‘P@ssw0rd’ also prevalent in Malaysia, reflecting similar trends in countries like Germany and Mexico.
Shockingly, up to 70% of the passwords in this year’s global list can be cracked in less than a second, posing a substantial security threat.
The need for stronger passwords in streaming services
The study highlighted how people choose passwords for online platforms, revealing a concerning trend in password security levels. Streaming services, in particular, are plagued by notably weak passwords. Tomas Smalakys, the chief technology officer at NordPass, believes this might stem from users managing shared accounts and favoring easy-to-remember passwords for convenience.
With streaming platforms gaining popularity, the risk of cybercriminal attacks is rising. Users, especially on widely-used platforms like Netflix, often opt for easily guessable passwords. ‘netflix’ was identified as one of the top five common passwords for streaming services. Although it’s unclear if these are used specifically for Netflix accounts, the probability is high.
It’s worth noting that Netflix and similar platforms might benefit from implementing a system that encourages the creation of complex passwords during user registration.
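One way a sign-up form could screen out the password patterns this article describes, as an added example that is not code from NordPass or any streaming platform. The function names, the substitution table and the reason labels are assumptions, and the blocklist is constructed from the passwords quoted in the article only.

```javascript
// Added example: hypothetical registration-time password screening.
// CONSTRUCTED blocklist: only passwords quoted in this article. A real
// deployment would load a much larger list of breached passwords.
const QUOTED = ['123456', 'admin', 'password', 'netflix', 'Candycan1', 'Kelluke12'];
const LEET = { '@': 'a', '4': 'a', '0': 'o', '3': 'e', '$': 's', '1': 'i', '!': 'i' };

// Lowercase, drop trailing digits/punctuation, then undo common substitutions,
// so 'P@ssw0rd' and 'P@ssword.123' both reduce to 'password'.
function normalize(pw) {
  const stem = pw.toLowerCase().replace(/[\d\W_]+$/, '');
  return [...stem].map((c) => LEET[c] ?? c).join('');
}

// Digit-only entries normalize to '' and are caught by the digits-only rule.
const BLOCKED = new Set(QUOTED.map(normalize).filter(Boolean));

// Returns { ok, reasons } so the form can tell the user what to change.
function screenPassword(pw, serviceName = '') {
  const reasons = [];
  const norm = normalize(pw);
  const service = normalize(serviceName);
  if (/^\d+$/.test(pw)) reasons.push('digits-only');
  if (BLOCKED.has(norm)) reasons.push('common-password');
  if (service && norm.includes(service)) reasons.push('contains-service-name');
  return { ok: reasons.length === 0, reasons };
}

console.log(screenPassword('Netflix2023!', 'Netflix'));
console.log(screenPassword('correct horse battery staple', 'Netflix'));
```

Because the comparison runs on the normalized form, appending a year or swapping in symbols does not get a common password past the check.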
On the other hand, it’s no surprise that people tend to be more vigilant with accounts linked to their finances. As a result, the strongest passwords are often reserved for financial services, reflecting the higher value and risk associated with these accounts.
Threats posed by browser-stored passwords
Researchers delved into a 6.6 TB database of passwords compromised by stealer malware, a significant threat in cybersecurity. This malware can capture personal data, including passwords, cookies, autofill information, and other credentials stored in browsers. It can even access files and system details, like the operating system version and IP address.
“The scariest part is that victims might not even realize that their computer is infected. Bad actors tend to hide malware in well-crafted phishing emails, imitating a legitimate organization, such as your bank or your company,” Smalakys explained.
The future of password security: moving beyond ‘123456’
Over the five years of its research, NordPass found ‘123456’ to be the most common password. Smalakys emphasizes that this worrying trend calls for new authentication methods.
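Passkeys offer an innovative solution that replaces user-chosen passwords with automatically generated cryptographic keys. When a user registers on a passkey-enabled site, their device generates two linked keys: a private one stored on the device and a public one stored on the website’s server. At sign-in, the user confirms their identity on the device with biometrics, and the site checks that the device’s private key matches the stored public key before allowing access.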
“This technology will help eliminate lousy passwords, making users more secure. But, as with every innovation, passwordless authentication will not be adopted overnight. Users are more and more curious to test it out, but there’s still a lot of work to be done and password security still remains a matter of today,” Smalakys added.
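The passkey flow described above, sketched with Node's built-in crypto module as an added example that is not part of the original article or of any vendor's code. It is a simplified model rather than the WebAuthn wire format: the function names and origins are hypothetical, the biometric check is modelled as a boolean, and the origin is signed along with the challenge to show why a signature obtained on a look-alike site is useless on the real one.

```javascript
const crypto = require('node:crypto');

// Device: create the linked key pair. Only the public key goes to the site.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server: a fresh random challenge for every sign-in attempt.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Device: sign (origin + challenge) only after the local biometric check passes.
function signAssertion(device, origin, challenge, userVerified) {
  if (!userVerified) throw new Error('user verification failed');
  const data = Buffer.concat([Buffer.from(origin), challenge]);
  return crypto.sign('sha256', data, device.privateKey);
}

// Server: verify the signature with the stored public key and its own origin.
function verifyAssertion(serverRecord, expectedOrigin, challenge, signature) {
  const data = Buffer.concat([Buffer.from(expectedOrigin), challenge]);
  return crypto.verify('sha256', data, serverRecord.publicKey, signature);
}

// Constructed scenario with hypothetical origins.
function demo() {
  const site = 'https://stream.example';
  const { device, serverRecord } = registerPasskey();
  const challenge = newChallenge();
  const good = signAssertion(device, site, challenge, true);
  const elsewhere = signAssertion(device, 'https://stream-login.example', challenge, true);
  return {
    valid: verifyAssertion(serverRecord, site, challenge, good),
    replayed: verifyAssertion(serverRecord, site, newChallenge(), good),
    wrongOrigin: verifyAssertion(serverRecord, site, challenge, elsewhere),
  };
}

console.log(demo()); // { valid: true, replayed: false, wrongOrigin: false }
```

The server stores nothing that can be guessed or reused: a leaked public key does not let anyone sign in, and a captured signature fails against the next challenge.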