Despite years of effort to improve digital literacy, the data shows only marginal improvements in password hygiene.
Vietnamese people's favourite passwords in 2025 remain “123456” along with variations like “123456789” and “12345678”, according to a new report, underlining how little has changed in users' internet security practices.
Data from the seventh annual Top 200 Most Common Passwords study by NordPass and cybersecurity firm NordStellar noted that twelve out of Vietnam's 20 most used passwords were just simple number strings.
The report, which analysed password use globally and in 44 countries, found Vietnam to be one of the most 'stable' markets in terms of password habits, with almost no movement in its top rankings from previous years despite repeated warnings from security experts.
Words, predictable number combinations and keyboard patterns dominated the list, with entries such as “admin”, “Demo@123”, “kenboy00” and “abcd1234” appearing among the most common.
Globally, “123456” also retained its position as the most widely used password. It was followed by “admin” and “12345678”, reflecting what researchers said was a persistent reliance on weak sequences that are highly vulnerable to dictionary and brute-force attacks.
The study noted a rise in the use of special characters, with 32 passwords in the global top 200 containing symbols, compared with six last year. But many remained barely more secure, echoing formats such as “P@ssw0rd”, “Admin@123” or “Abcd@1234”. Variants of the word “password” continued to feature prominently worldwide, including in local languages from Slovak to Spanish.
“Despite years of effort to improve digital literacy, the data shows only marginal improvements in password hygiene,” said Karolis Arbaciauskas, head of product at NordPass in a press release. He warned that weak or reused passwords continued to play a role in about 80 per cent of data breaches.
Arbaciauskas said the industry was slowly shifting towards passkeys, a biometric-based authentication system that removes the need for passwords entirely. “But until passkeys become ubiquitous, strong passwords still matter, and attackers will keep pushing until they hit an obstacle they can’t overcome,” he said.