NordPass, together with NordStellar, has released the seventh edition of its annual Top 200 Most Common Passwords research. In addition to identifying the most popular passwords globally and in 44 countries, this year, the research focused on understanding how the passwords used by different generations vary.
Most common passwords in the Philippines
Below are the top 20 most common passwords in the Philippines. The full list of global passwords and those from other countries covered by this research is available here.
- 123456
- Gonzales56
- admin
- 12345678
- 123456789
- password
- 12345678910
- 12345
- 1234567890
- admin123
- Password
- 1234567
- learning
- smartbro
- 123123
- P@ssw0rd
- Aa123123
- qwerty123
- 123qwe
- abc123
Although cybersecurity experts keep repeating that simple passwords are extremely easy to guess using a dictionary and brute-force attacks, Filipinos seem to ignore the warnings. Words, number combinations, and common keyboard patterns dominate the Philippines’ top 20 list.
This year, “123456” is the most common password in the Philippines again, while “Gonzales56” ranks second. However, different variations of the word “password” take up as many as three spots in the Philippines’ top 20 most common passwords list. Different numeric combinations take up eight spots.
Researchers also point out that sports-related terms (e.g., “football,” “baseball”) are being replaced by swear words in some countries. This is not the case in the Philippines as the vast majority of passwords are created from simple variations of letters and numbers.
Global trends
Globally, “123456” is the most common password, followed by “admin” in second place, and “12345678” in third — another simple numeric sequence. Such weak patterns, ranging from “12345” to “1234567890,” along with common weak passwords like “qwerty123,” dominate top 20 lists across many countries.
Compared to last year, researchers observed a significant increase in the use of special characters in passwords. This year, 32 passwords on the global list include them, a notable rise from just six last year. The most common special character in passwords is “@,” and most of the passwords are unfortunately no more complicated than “P@ssw0rd,” “Admin@123,” or “Abcd@1234.”
The word “password” remains one of the most popular passwords worldwide. It’s used both in English form and in local languages in nearly every country we studied — from Slovak “heslo” and Finnish “salasana” to French “motdepasse” and Spanish “contraseña.”
“Generally speaking, despite all efforts in cybersecurity education and digital awareness over the years, data reveals only minor improvements in password hygiene. The world is slowly moving towards passkeys — a new passwordless authentication method based on biometric data — but in the interim, until passkeys become ubiquitous, strong passwords are very important. Especially since around 80% of data breaches are caused by compromised, weak, and reused passwords, and criminals intensify their attacks till they can,” says Karolis Arbaciauskas, head of product at NordPass.
The myth of the “Digital Native”
Research shows that for Digital Natives — those who grew up immersed in the online world — extensive exposure to technology doesn’t automatically translate into a strong understanding of fundamental password security practices or the severe risks associated with poor choices.
“The password habits of 18-year-olds are similar to those of 80-year-olds. Number combinations, such as ‘12345’ and ‘123456,’ are in the top spots across all age groups. The biggest difference is that older generations are more likely to use names in their passwords,” says Arbaciauskas.
Research reveals that Generations Z and Y rarely use names in their passwords, preferring combinations like “1234567890” and “skibidi” instead. The use of names in passwords becomes more prevalent starting with Generation X, peaking among Baby Boomers.
Among Generation X, the most popular name used as a password is “Veronica.” For Baby Boomers, it’s “Maria,” and for the Silent Generation, it’s “Susana.”
The full list is available here.
Password safety tips
According to Arbaciauskas, a few basic rules can greatly improve digital hygiene and help avoid falling victim to cyberattacks due to irresponsible password management:
- Create strong random passwords or passphrases. Passwords should be at least 20 characters long and consist of a random combination of numbers, letters, and special characters.
- Never reuse passwords. The rule of thumb is that each account should have a unique password because if one account gets stolen, hackers can use the same credentials for other accounts.
- Review your passwords. Make sure to regularly check the health of your passwords. Identify any weak, old, or reused ones and upgrade them to new, complex passwords for a safer online experience.
- Use a password manager. It can help you generate, store, review, and safely manage all your passwords, ensuring they’re well protected, difficult to crack, and easily available when you need them.
- Turn on multi-factor authentication (MFA). It adds an extra layer of security. MFA helps keep hackers out even if a password gets breached.
Research methodology
This report is the result of a joint effort between NordPass and NordStellar together with independent researchers specializing in cybersecurity incidents. Recent public data breaches and dark web repositories were analyzed searching for passwords exposed from September 2024 to September 2025, extracting statistically aggregated data. No personal data was acquired or purchased for this research.
