Millions of internet users in Indonesia continue to use dangerously weak passwords, putting their online accounts at high risk. Recent research from NordPass in 2025 reveals that over 2.5 million Indonesians use "123456" as their password, while millions more rely on equally vulnerable options like "admin," "password," and "qwerty123."
Using easy-to-guess passwords invites hackers to breach accounts with minimal effort. Automated cracking tools quickly test common passwords in seconds, making popular weak passwords an open door to cyberattacks.
Top 20 Most Popular (and Risky) Passwords in Indonesia (2025)
Based on NordPass exclusive data, here are the 20 most frequently used passwords in Indonesia along with the number of users:
- 123456 – 2,583,980 users
- admin – 1,194,987 users
- 12345678 – 750,509 users
- 12345 – 493,143 users
- Kapler123 – 204,415 users
- 123456789 – 202,896 users
- password – 195,078 users
- guru123456 – 180,391 users
- Aboy1234 – 173,707 users
- Tanjung99 – 158,437 users
- asd123 – 144,101 users
- admin123 – 129,628 users
- 123123 – 92,999 users
- theworldinyourhand – 92,586 users
- bismillah – 91,893 users
- admin123456 – 80,441 users
- 1234567890 – 70,087 users
- P@ssw0rd – 67,960 users
- 1234567 – 66,927 users
- qwerty123 – 58,997 users
More than half of these contain simple numeric sequences such as “123” or repeating numbers. This signals that many users prefer ease of recall over security, making their accounts prime targets for brute-force attacks.
Why These Passwords Are Dangerous
Firstly, automated cracking tools like John the Ripper and Hashcat use massive databases of common passwords as the first attempt to unlock accounts. The password "123456" is generally the top candidate tested, often cracked in less than a second. Secondly, many of these passwords follow predictable keyboard patterns or sequential number combinations like “qwerty123” and “admin123,” which are widely known among hackers.
Additionally, users mistakenly believe that adding simple numbers to common words increases security. For example, passwords such as "Kapler123" or "Aboy1234" still remain easily guessable due to their predictable structure. Moreover, seven out of ten of the most common passwords globally appear on this Indonesian list, showing that attackers worldwide have ready-made keys to compromise accounts without specialized local knowledge.
Password Trends in 2024: Still the Same Risk
The list of the worst passwords in 2024 remains dominated by sequences such as “123456,” “123456789,” “password,” “qwerty123,” “111111,” and “secret.” This stagnation reflects a continued lack of cybersecurity education and awareness among users, despite the well-known risks tied to weak passwords.
Real Impact: Quick Account Breaches and Losses
In Indonesia, compromised accounts have been sold in dark web forums for approximately $3.50 to $14. These stolen credentials are used for phishing scams, distributing spam emails, or quickly draining e-commerce and digital wallet balances. The greatest danger arises when individuals use identical passwords across multiple platforms. One data breach can jeopardize every connected account.
How to Create Truly Secure Passwords in 2025
Users don’t need to memorize complex strings to achieve strong security. Follow these practical steps:
- Use random phrase methods: Create passwords based on personal but obscure sentences, for example, “I eat fried rice at 7 am in Jakarta!” becomes AmNgj7p@dJ!
- Enable two-factor authentication (2FA): An additional step via SMS, email, or authenticator apps provides a vital security layer even if your password leaks.
- Utilize password managers like Bitwarden (free), 1Password, or NordPass to generate and store random, complex passwords securely.
- Avoid using personal information such as pet names, birthdates, or city names, which can be easily found on social media.
- Regularly update passwords every six months, especially for critical accounts like email, banking, and e-wallets.
Changing weak, predictable passwords into strong, unique ones is a simple yet powerful defense against cyber threats. Millions of Indonesians are currently exposed due to their reliance on common passwords. By adopting better password habits and security tools, users can greatly reduce the risk of account takeovers in 2025 and beyond.
