Every year, Change Your Password Day serves as a reminder that online safety often begins with the simplest habit: choosing stronger passwords. This year, McDonald’s Netherlands decided to join the conversation in an unexpected way. Together with creative agency TBWA\NEBOKO, the brand launched a campaign that uses its most famous menu items to highlight just how predictable many passwords have become.
Rather than delivering a traditional security message, the campaign takes a playful approach. Digital billboards across the Netherlands displayed familiar McDonald’s product names presented as if they were real passwords. The executions carried a clear point: what is easy to remember is also easy to hack.
Real data behind a humorous idea
The creative concept is built on genuine information from Have I Been Pwned, a widely used platform that allows users to check whether their email addresses or passwords have appeared in leaked databases. Analysis of this data revealed that food-related terms, including McDonald’s classics, are frequently chosen as passwords.
According to the figures, the password “bigmac” alone has been used more than 110,000 times. Other menu-inspired choices such as “frenchfries,” “happymeal,” and “mcnuggets” have also appeared thousands of times in compromised datasets. These statistics formed the backbone of the campaign and gave the idea both credibility and relevance.
By placing these familiar words on outdoor screens as supposed passwords, the brand was able to visualize a common but risky behavior in a simple and memorable way.
Making vulnerability visible
At the heart of the campaign is a basic cybersecurity principle: strong passwords should not be recognizable words. Experts recommend combinations of letters, numbers and symbols that are difficult to guess. Yet many people continue to rely on personal interests, favorite brands or everyday terms when creating login credentials.
Darre van Dijk, chief creative officer at TBWA\NEBOKO, explained the thinking behind the project. “Many people use words that feel close to them as passwords. By putting McDonald’s iconic products out on the street as passwords, we show in a light-hearted way how familiar, and therefore vulnerable, those choices can be,” he said.
The minimalist design of the billboards reinforced this message. With no heavy explanations or technical jargon, the visuals allowed the insight to speak for itself.
A brand message with public value
For McDonald’s Netherlands, the campaign offered a way to participate in a global awareness moment while staying true to its own identity. Rather than promoting new products or offers, the brand used its cultural presence to encourage safer digital habits.
“Change Your Password Day is a great moment to reflect on digital safety,” said Karin van Prooijen, senior manager marketing at McDonald’s Netherlands. “With this campaign, we use our most recognizable products to encourage people to think differently about their online habits.”
The initiative demonstrates how consumer brands can address serious issues without abandoning their personality or tone.
Reaching audiences across platforms
Although digital billboards were the centerpiece of the activation, the message extended far beyond outdoor advertising. Online video content, social media posts and display banners were also used to amplify the campaign and remind users to reconsider their password choices.
Cybersecurity professionals have long warned that weak and reused passwords remain one of the main causes of data breaches worldwide. By connecting this warning to everyday behavior, McDonald’s and TBWA\NEBOKO managed to translate a technical problem into a relatable cultural moment.
In a landscape where digital threats continue to grow, the campaign delivers a simple takeaway: if your password is as familiar as your favorite meal, it is probably time to change it.
