The danger of weak passwords
Passwords are the first line of digital defense, yet millions still use '123456'. Learn what makes a password truly strong.
Passwords are the first line of defense of our digital life. They protect our email, social networks, online banking, work platforms and essentially all of our personal information. Yet millions of people still use extremely simple passwords.
According to NordPass's annual most-common-passwords report, the most common in Colombia recently include:
- 123456
- Admin
- 123456789
- 12345678
- 12345
This pattern isn't unique to Colombia: globally, the same combinations appear year after year. NordPass publishes the full list for each country.
How they're cracked
- Brute force: trying every possible combination. Online login forms are rate-limited, so the real danger is a leaked database of password hashes: against that, a GPU rig tests millions or even billions of guesses per second, and short passwords fall in hours.
- Dictionary attacks: instead of every combination, the attacker tries wordlists of common words, names and passwords recovered from earlier breaches, plus the predictable mutations people add (a capital first letter, "123" or "!" at the end, a year).
- Credential stuffing: taking the email/password pairs exposed in one breach and trying them automatically on other services. It only works because so many people reuse the same password everywhere.
A historic example is the Yahoo breach, which affected some three billion accounts. When that happens, the credentials circulate in underground forums and raise the risk for anyone who reused the same password on another service.
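To make the three techniques concrete, here is an added example (written for this edit, not code from the original article, NordPass or Kaspersky) that runs a dictionary attack with simple mutations against a constructed dump of unsalted SHA-256 hashes, then "stuffs" the recovered pairs into a second, unrelated service. The usernames, passwords, wordlist and the `login_site_b` stand-in for a login endpoint are all made up for the example; real wordlists hold hundreds of millions of leaked entries.

```python
import hashlib


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256: the kind of fast hash that makes offline cracking cheap."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed "leaked" dump from a fictional site A: username -> password hash.
# Made up for this example; not real breach data.
LEAKED_DUMP_SITE_A = {
    "ana": sha256_hex("123456"),
    "carlos": sha256_hex("Admin"),
    "diana": sha256_hex("verano2023!"),
    "eduardo": sha256_hex("trompeta nube 47 bicicleta sal"),  # random 5-word passphrase
}

# Constructed accounts on an unrelated fictional site B, the target of the
# stuffing step. Ana reused her password there; Diana did not.
ACCOUNTS_SITE_B = {
    "ana": sha256_hex("123456"),
    "diana": sha256_hex("otra clave distinta 88"),
}

# Tiny constructed wordlist standing in for a real one built from earlier leaks.
WORDLIST = ["123456", "password", "admin", "qwerty", "verano", "123456789"]

# Predictable mutations that cracking tools try first.
SUFFIXES = ["", "1", "123", "!", "2023", "2023!"]


def candidates(wordlist):
    """Yield each word plus its capitalised/upper-cased variants and common suffixes."""
    seen = set()
    for word in wordlist:
        for variant in (word, word.capitalize(), word.upper()):
            for suffix in SUFFIXES:
                guess = variant + suffix
                if guess not in seen:
                    seen.add(guess)
                    yield guess


def dictionary_attack(dump, wordlist):
    """Return ({user: recovered_password}, number_of_guesses_hashed).

    Because the hashes are unsalted, one guess is tested against every account
    at once: hash it, then look the digest up in the inverted dump.
    """
    users_by_hash = {}
    for user, digest in dump.items():
        users_by_hash.setdefault(digest, []).append(user)

    recovered = {}
    guesses = 0
    for guess in candidates(wordlist):
        guesses += 1
        for user in users_by_hash.get(sha256_hex(guess), []):
            recovered[user] = guess
    return recovered, guesses


def login_site_b(user, password):
    """Stand-in for site B's login endpoint (constructed for the example)."""
    return ACCOUNTS_SITE_B.get(user) == sha256_hex(password)


def credential_stuffing(recovered_pairs):
    """Try every recovered user/password pair against site B; return the accounts it opens."""
    return [user for user, pw in recovered_pairs.items() if login_site_b(user, pw)]


if __name__ == "__main__":
    recovered, guesses = dictionary_attack(LEAKED_DUMP_SITE_A, WORDLIST)
    print(f"{guesses} guesses hashed, {len(recovered)} of {len(LEAKED_DUMP_SITE_A)} accounts cracked:")
    for user, pw in recovered.items():
        print(f"  {user}: {pw!r}")
    print("site B accounts opened by credential stuffing:", credential_stuffing(recovered))
```

Three of the four accounts fall to 84 guesses: "123456" directly, "Admin" as a capitalised dictionary word, and "verano2023!" as a word plus a common suffix. The passphrase survives because none of its words, let alone their combination, is in the list. Ana's account on site B then opens without any cracking at all, which is the whole point of credential stuffing. A site that stored salted bcrypt or Argon2 hashes instead of bare SHA-256 would make each guess thousands of times slower and stop one guess from testing every account at once, but it cannot save a user whose password is "123456".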
Three principles of a strong password
- Length: every extra character multiplies the number of guesses an attacker has to try, so difficulty grows exponentially with length (aim for at least 14 characters).
- Complexity: a mix of upper, lower, numbers and symbols, placed unpredictably. A capital first letter and "1!" at the end add almost nothing, because cracking tools try exactly those patterns first.
- Uniqueness: a different password for each service.
Passphrases
A random string like T7#kL9!pQ2@zX is strong but hard to remember. A practical alternative is a passphrase: several words with no relation to each other, ideally chosen at random rather than from a favourite song or saying.
Examples inspired by Kaspersky:
- "l0sT@pas d3 lA AbueLa s0n ún1cas!"
- "N0 hAy SIESta s1n jamÓn y s0mbra"
- "eN lA plAza@lAs 6, tRajE y vErMut"
Important: don't use the examples literally. They're just a guide to build your own — and yours must be unique.
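To put numbers on "exponentially harder" and on why random passphrases hold up, here is an added example (written for this edit, not code from the original article or from Kaspersky) that computes the search space for the three kinds of password discussed above and generates a passphrase with a cryptographically secure random choice. The guess rate of 1e10 per second, the 7,776-word dictionary size (the size of the EFF diceware list) and the sample wordlist are assumptions for illustration.

```python
import math
import secrets

# Constructed sample wordlist for the demo. A real passphrase list is far larger;
# only its size enters the arithmetic below.
SAMPLE_WORDS = [
    "trompeta", "nube", "bicicleta", "sal", "ventana", "cometa", "jirafa", "lámpara",
    "tornillo", "marea", "pincel", "guante", "brújula", "melón", "tejado", "silbato",
]

# Assumed offline rate for a fast unsalted hash on a GPU rig (illustrative, not measured).
GPU_RATE = 1e10


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Search space, in bits, of a string of `length` symbols drawn uniformly at
    random from `alphabet_size` choices: log2(N ** L) = L * log2(N).
    Each extra symbol adds log2(N) bits, i.e. multiplies the attacker's work by N."""
    return length * math.log2(alphabet_size)


def passphrase_bits(word_count: int, dictionary_size: int) -> float:
    """Same formula, with whole words as the symbols."""
    return keyspace_bits(word_count, dictionary_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years to try every possibility at the given rate (an attacker needs about half on average)."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def generate_passphrase(wordlist, word_count: int = 5) -> str:
    """Pick words with the `secrets` module (a CSPRNG); never use `random` for this."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))


def comparison():
    """Rows of (label, bits, years at GPU_RATE) for three common choices."""
    rows = [
        ("8 chars, 94 printable ASCII", keyspace_bits(8, 94)),
        ("14 chars, 94 printable ASCII", keyspace_bits(14, 94)),
        ("5 random words, 7,776-word list", passphrase_bits(5, 7776)),
    ]
    return [(label, bits, years_to_exhaust(bits, GPU_RATE)) for label, bits in rows]


if __name__ == "__main__":
    for label, bits, years in comparison():
        print(f"{label:34s} {bits:6.1f} bits  ~{years:.3g} years at {GPU_RATE:.0e} guesses/s")
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS))
```

Eight random printable characters give about 52 bits, which the assumed rig exhausts in roughly a week; fourteen give about 92 bits, which takes billions of years. Going from 8 to 14 characters multiplies the work by 94 to the power of 6, not by 14/8. Five random words from a 7,776-word list come to about 65 bits, already out of reach for an offline attack on this scale while being far easier to memorise. The caveat: these figures assume every character or word was chosen at random. A human-invented phrase like the Kaspersky-style examples above has less entropy than its length suggests, because the word choices and the l33t substitutions are themselves predictable, which is why a manager-generated passphrase is the safer option.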
Password managers
If remembering them all worries you, an even safer option is a password manager (1Password, Bitwarden, KeePassXC). They generate and store long, unique random passwords and autofill them, so the only thing you have to memorize is one strong master passphrase.
Essential best practices
- Use a long and unique password for each service.
- Enable multi-factor authentication (2FA) wherever it's available; an authenticator app or hardware key is stronger than codes sent by SMS.
- Use a password manager.
- Don't share credentials over email or messaging.
- Change a password immediately if you suspect it has leaked, and change it on any other account where you reused it.
- Don't store passwords in unencrypted files, notes or spreadsheets.
- Keep your devices up to date.
In cybersecurity, the difference between being exposed and being protected often starts with something as simple as your password.