Thailand has a password problem

Key facts

• Thailand's cybersecurity authority has warned that weak and reused passwords remain one of the biggest gateways to modern cyber-attacks, with leaked login credentials increasingly being exploited to gain access to mobile banking accounts, corporate systems and users' broader digital identities.
• National Cyber Security Agency (NCSA) secretary-general AVM Amorn Chomchoey delivered the warning during the recent Fortinet Accelerate 26 APAC – Thailand Edition Fast Forward Edition, where he outlined the country's evolving cyber-threat landscape and revealed statistics on the "Top 20 Most Used Passwords in Thailand".
• The findings showed that many Thai users continue to rely on easily guessable passwords such as "123456", "12345678", "1234", "password" and "admin", underscoring persistent weaknesses in basic cybersecurity practices.
• AVM Amorn said credential leaks -- involving stolen usernames and passwords -- remain among the primary causes of cyber-attacks worldwide, particularly as cybercriminals increasingly target user accounts rather than attempting technically sophisticated system intrusions.
• "Hackers today often do not need advanced techniques to penetrate systems," he said. "If they can obtain leaked credentials or easily guessed passwords, they may immediately gain access to email accounts, enterprise systems, mobile banking platforms, cloud storage services and other critical digital assets."