Will We Ever Learn? The Most Common Passwords in Brazil Have Been Revealed — and ‘123456’ Is Still in Use

Even With Security Alerts and the Increase in Virtual Scams, Millions of Brazilians Still Use Simple and Predictable Combinations, Like “123456” and “admin”, to Protect Their Online Accounts.

The digital fragility remains a concerning reality, even amid advancements in security technologies and increasing awareness campaigns.

A global survey by Peec AI and another national one by NordPass reveal that users worldwide — and especially in Brazil — still insist on using extremely easy-to-guess passwords.

The data shows an alarming scenario: “123456” remains the most used combination globally, appearing over 6.6 million times in leaks, while in Brazil, personal names and soccer teams feature among the most popular choices, with “lucas123” and “flamengo” being favorites.

Recomendado para você

Oil and Gas

Major Oil, Gas, and Energy Event Will Take Place in Brazil: Macaé Energy Will Gather Petrobras, Equinor, Prio, Among Other Suppliers and Energy Executives for Business, Networking, and Employment Opportunities

The Technical Agenda and the Fair in the City of Macaé Should Boost Discussions on Investments, Energy Transition, and Development of the Oil, Gas, and Energy Chain in the National...

Paulo Nogueira

1

The Dominance of “123456” and the Risk of Obvious Combinations

Peec AI analyzed 100 million passwords obtained from data breaches over the past six years and found that the numerical sequence “123456” remains supreme as the most common worldwide, used by millions to protect their accounts.

According to the company’s marketing director, Malte Landwehr, the use of simple combinations jeopardizes the security of personal and corporate data. “Using passwords like ‘123456’, which appears 6.6 million times, puts you and your information at high risk,” he warned.

He reminds that cyberattacks have become more sophisticated and that criminals use automated lists of popular words and combinations to try to breach accounts.

“Attackers often use dictionaries and lists of common passwords in their attempts to crack passwords, which is why it is important to create a password that is as difficult as possible to guess,” Landwehr stressed.

Vulnerability in Brazil

In Brazil, the scenario is not much different. A survey from the password management service NordPass revealed the most common credentials used by Brazilians in 2023, based on a database of over 4 terabytes of leaked information on the internet.

According to the study, the weakest passwords take less than one second to be discovered by automated programs. Among them, “admin”, “123456”, and “12345678” stand out — the same combinations that lead global rankings.

The list of the ten most popular passwords in Brazil is as follows:

1. admin (204,846 cases)
2. 123456 (137,551 cases)
3. 12345678 (46,666 cases)
4. 102030 (28,034 cases)
5. 123456789 (24,834 cases)
6. 12345 (22,426 cases)
7. gvt12345 (10,684 cases)
8. 12345678910 (9,710 cases)
9. password (8,687 cases)
10. 111111 (8,432 cases)

These combinations are considered “default passwords”, often used out of carelessness, laziness, or simply ignorance of the risks. The problem, according to experts, is that these credentials are the first to be tested by hackers.

Personal Names and Soccer Teams Among the Most Used Passwords

In addition to simple numbers, Brazilians also show attachment to personal names and soccer teams when defining their passwords.

According to NordPass, the combination “lucas123” was the most common among credentials that include names, appearing 3,993 times and ranking 27th overall. Other popular names like Pedro, Gabriel, Felipe, and Matheus also appear frequently.

Among the passwords inspired by teams, “flamengo” was identified 2,257 times, securing 50th place on the national list. “palmeiras” ranked 73rd, and “brasil” appeared in 27th place, demonstrating how sports preferences and patriotism influence users’ choices.

These patterns reinforce the warning from experts: passwords based on personal information or easily associated with the user’s identity are extremely vulnerable. Cybercriminals can cross check social media data and public leaks to discover combinations based on names, birth dates, teams, and cities.

The Patterns Revealed by Global Analysis

The study from Peec AI, which gathered data from breaches since 2019, categorized passwords into different groups to better understand behaviors. Among the most used names, “Michael” appeared 107,678 times, followed by “Daniel”, “Ashley”, “Jessica”, and “Charlie”.

In numerical values, the absolute dominance is of linear sequences — “123456”, “123456789”, “111111”, “1234567”, and “123123”.

Among the soccer teams, Liverpool, Chelsea, Barcelona, Arsenal, and Juventus lead the ranking, showing that the passion for clubs transcends borders.

In the field of famous figures, names like “Blink-182” (84,545 times), “50 Cent” (55,897), “Eminem” (43,344), and “Justin Bieber” (34,296) appear.

Among fictional characters, “Superman” was the most popular, used 86,937 times, followed by Batman, Wall-E, Hello Kitty, and SpongeBob.

These coincidences across cultures show that, although languages and contexts vary, digital security errors are repeated on a global scale.

How to Create Really Secure Passwords

Both Peec AI and NordPass recommend that users adopt long, complex, and unique passwords for each account. According to Landwehr, “the ideal password should have at least 12 characters and combine uppercase and lowercase letters, numbers, and special symbols like @, #, $, %, or !”.

He also suggests avoiding any predictable patterns, including personal information: “Hackers can easily guess names, birth dates, family members, pets, or hobbies that are publicly available.”

Another essential point is to not repeat the same password across multiple platforms. “If a hacker guesses your password on one account, they will likely try it on others,” Landwehr warned.

For those who have difficulty remembering so many combinations, the recommendation is to use password managers, tools that store, encrypt, and even generate secure passwords automatically.

The Strength of Multifactor Authentication

In addition to the password, experts emphasize the role of multifactor authentication (MFA) as an additional layer of security. This feature requires a second verification factor — such as a temporary code sent via SMS or an authenticator app, like Google Authenticator or Authy.

Even if someone discovers the main password, they will not be able to access the account without this second step. Landwehr recommends activating MFA especially on bank accounts, emails, and social networks, the most frequent targets of attacks.

What Security Experts Say

The security company Norton also provides important recommendations. It explains that the shorter and simpler the password, the faster an automated program can break it. Long and complex passwords drastically reduce the effectiveness of brute force attacks.

In dictionary attacks, hackers use predefined lists of common words — precisely those that appear most frequently in studies like NordPass’s.

To protect oneself, Norton suggests adopting coded phrases (such as “ILikeCoffee@2025”), changing passwords regularly, and never storing them in browsers or physical notes. It also recommends logging out of accounts after use, especially on shared computers.

Good Practices for Everyday Life

The study concludes with a set of good and bad practices that can make all the difference in digital protection.

DO:

• Use combinations of letters, numbers, and varied symbols.
• Choose passwords with a minimum of 8 to 12 characters.
• Change passwords periodically.
• Use reliable password managers.
• Enable multifactor authentication.

DO NOT:

• Use obvious passwords like “123456”, “password”, “qwerty”, or “111111”.
• Repeat the same password across multiple accounts.
• Use personal names, dates, or teams as a basis.
• Store passwords in notepads or browsers.
• Share your credentials.

The message is simple but essential: in times of mass leaks and automated attacks, digital security begins with a well-chosen password.

Whether “lucas123” in Brazil or “123456” globally, the problem remains the same — and the solution lies in the hands of the users themselves.

Inscreva-se

Entre com

Entrar

Eu concordo em criar minha conta

Quando você faz login pela primeira vez usando um botão de Login Social, coletamos informações de perfil público de sua conta compartilhadas pelo provedor de Login Social, com base em suas configurações de privacidade. Também obtemos seu endereço de e-mail para criar automaticamente uma conta para você em nosso site. Depois que sua conta for criada, você estará conectado a esta conta.

Não concordoConcordo

Notificar de

novos comentários de acompanhamento novas respostas aos meus comentários

Label

Nome*

Email*

Salvar meus dados para a próxima vez que eu comentar

Salvar meu nome, e-mail e site nos cookies deste navegador para a próxima vez que eu comentar.

ONESIGNAL ID

ONESIGNAL ID

Eu concordo em criar minha conta

Quando você faz login pela primeira vez usando um botão de Login Social, coletamos informações de perfil público de sua conta compartilhadas pelo provedor de Login Social, com base em suas configurações de privacidade. Também obtemos seu endereço de e-mail para criar automaticamente uma conta para você em nosso site. Depois que sua conta for criada, você estará conectado a esta conta.

Não concordoConcordo

Label

Nome*

Email*

Salvar meus dados para a próxima vez que eu comentar

Salvar meu nome, e-mail e site nos cookies deste navegador para a próxima vez que eu comentar.

ONESIGNAL ID

ONESIGNAL ID

0 Comentários

Mais recente

Mais antigos Mais votado

Feedbacks

Visualizar todos comentários