- Passwords linked to fast food remain common in more than 110,000 breaches
- Replacing letters with symbols no longer protects accounts from automated attacks
- Reuse of weak passwords continues to threaten individual and business security
Despite years of cybersecurity advice and pressure, many Internet users still rely on easy-to-remember passwords related to popular foods.
A new report from McDonald’s has revealed that common passwords such as “bigmac,” “happymeal” and “mcnuggets” appeared in more than 110,000 compromised accounts, according to data from Have I been fooled?.
Variations using basic character substitutions appear with the same frequency, indicating that familiarity continues to outweigh caution for many account holders.
Look
Substitutions no longer help
McDonald’s campaign, which includes posters and short videos, relies on humor and recognition to reach a wide audience.
The message is simple: passwords linked to popular foods are easy to guess and widely abused.
Replacing letters with symbols or numbers once added significant resistance against basic attacks, but this approach no longer protects against modern cracking methods.
Automated tools already take predictable substitutions into account and routinely test them during brute force attempts, because when a password begins with a common word, it takes little effort for attackers to cycle through known variations.
The persistence of these habits shows that awareness campaigns have had limited impact outside of technically inclined circles.
Security vendors frequently recommend long passphrases, multi-factor authentication, and automated credential storage, but despite this guidance, many users continue to treat passwords as the only line of defense.
Even younger users, who are more familiar with modern security tools, often reuse weak passwords across services.
Companies face the same problem internally, where administrative accounts occasionally rely on simple credentials despite formal policies.
This disconnect explains why basic password hygiene remains a recurring problem decades after it first emerged.
While the approach draws attention, it does not address the structural reasons why weak passwords persist, including convenience and resistance to change.
Public reminders can reduce the most obvious examples, but they rarely change behavior without supporting tools.
This is a wake-up call for users who still think that a weak password is enough. If users don’t know how to create a strong password, a password generator can create long, random credentials that don’t rely on recognizable words.
Password managers can help users store those credentials securely without needing to remember each one.
In organizational settings, an enterprise password manager centralizes control, reduces reuse, and limits damage when breaches occur.
Through The Registry
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
