SINGAPORE: A new report from Preply has revealed that “123456” is the most commonly cracked password in Singapore, appearing in over 42.5 million data breaches. The widely used combination takes less than a second to crack, making it an easy target for cybercriminals.
Despite its simplicity, the report highlighted that its sheer popularity has made it one of the most exploited passwords.
Several other weak password combinations were also found to be highly vulnerable, including “123456789,” which appeared in 18.3 million data breaches, “qwerty” (10.7 million), “password” (10.4 million), “12345678” (6.9 million), and “111111” (5.07 million).
The report described the presence of “password” on the list as predictable, emphasizing that using common words leaves accounts especially exposed to hackers.
An analysis of the data revealed that 96% of the most frequently breached passwords contain fewer than 10 characters. This highlights the importance of using longer and more complex combinations to enhance security. Commonly used and predictable passwords are a well-known weak point for organisations, often leading to serious security breaches.
In 2023, Singapore’s Personal Data Protection Commission (PDPC) fined edtech company LingoAce $74,000 after the personal data of 557,000 users, including current and former employees, was compromised due to a weak password. The administrator account of the organisation’s operations support system used “lingoace213,” a simple and easily guessed combination that exposed the company to cyber threats.
The evolving capabilities of artificial intelligence also pose a growing risk to password security. A report from Singapore’s Cyber Security Agency last year warned that AI-driven tools can crack over half of the most common passwords in under 60 seconds. The agency noted that AI can be used in brute-force attacks, automating the process of testing vast numbers of password combinations at unprecedented speeds.
Preply emphasised that using a strong password is the first line of defence against cyberattacks. To improve security, it is recommended that people avoid predictable sequences, incorporate special characters or unexpected capitalisation, and use passwords of at least 10 characters. It also suggested using words from different languages or dialects to make passwords more difficult to crack.
Language expert Yolanda Del Peso echoed this advice, noting that password-cracking tools often rely on word lists from popular languages. “Using characters from different languages makes passwords less predictable,” she explained.
However, she cautioned that not all systems support every character type, and users should ensure their chosen passwords remain compatible with various devices and platforms.