According to a recent study by NordPass, a business password management company, of all the industries out there, construction is the worst at keeping hard-to-crack passwords.
NordPass' study shows the most used passwords, and how vulnerable most businesses are to data breaches, despite years of warnings to create more sophisticated passwords. The list of passwords was compiled in partnership with independent researchers specializing in research of cybersecurity incidents and was conducted to study password habits of high-level executives.
While there are various reasons behind these data breaches, poor password hygiene is often spelled out as one of the weakest links, the study said. This is true of CEOs, executives and everyday Internet users. The most popular password globally is: 123456.
Most Popular Passwords
To keep digital assets safe, it's important to select passwords that are unique and difficult to crack.
Despite the potential fallout of a data breach, most workers insist on setting passwords that are simple word and number sequences, such as “1q2w3e,” “12345,” “11111,” and “qwerty.”
The most popular business passwords:
1. 123456
2. password
3. 12345
4. 123456789
5. qwerty
The study also showed that top-level executives also extensively use names or mythical creatures as an inspiration when creating passwords. Among the most popular are “dragon” and “monkey.” The most widely chosen names used in passwords are “Tiffany,” “Charlie,” “Michael” and “Jordan,” which may or may not hint at the legendary basketball player. The complete list can be found here.
How Industries are Affected
Researchers analyzed more than 290 million data breaches worldwide for the study. They grouped passwords according to job title and industry.
Industries with the most data breaches:
- Construction
- Technology
- Finance
- Healthcare
- Hospitality
- Media
- Marketing
Last year, NordPass presented a similar study, delving into the passwords that Fortune 500 companies’ employees use to access their accounts. Below are the 10 most common passwords among the construction and manufacturing industry’s employees:
- Company name*
- password
- aaron431
- 123456
- Company name eu*
- 123ccp
- pass1
- company name*
- Company name*
- Company name*
* This password is a company name or a variation (e.g., Company name2002).
Data Breach Costs Increasing
One might expect business owners, C-suite, and other high-ranking executives to be more conscious about their security online than average internet users. However, the latest research of NordPass demonstrates that is not the case. “123456” and “123456789” rank in the top five among both audiences, according to this study and the NordPass’ annual Top 200 Most Common Passwords research. This significantly increases the risks of cyberattacks at both the person and company level.
“It is unbelievable how similar we all think, and this research simply confirms that — what we might consider being very original, in fact, can place us in the list of most common,” said Jonas Karklys, CEO of NordPass. “Everyone from gamer teenagers to company owners are targets of cybercrimes, and the only difference is that business entities, as a rule, pay a higher price for their unawareness.”
An IBM report reveals that in 2021, the average global cost of a data breach reached $4.24 million, which is 10% more compared to 2020. The attacks that happen due to compromised credentials cost even more, at $4.37 million and account for 20% of all breaches.
How to Keep Passwords Safe
According to Karklys, people can avoid many data breaches by following simple steps to improve password security:
- Deploy a password manager. Password managers allow you to store all the passwords in end-to-end encrypted digital storage locked with a single keyword for the most convenience. Most password managers have additional features to check passwords’ strength and automatically generate unique passwords. For organizations, they can come in handy when sharing passwords with employees or managing their access.
- Introduce cybersecurity training. Since simple human mistakes remain the leading cause of data breaches, it is worth investing in cybersecurity training sessions for employees. Starting from the basics might be a good idea given that people have different technology background levels.
- Enable multi-factor authentication. Known as MFA, it serves as an extra layer of security. It is an authentication method that uses two or more mechanisms to validate the user’s identity – these can be separate apps, security keys, devices, or biometric data.
Read the full study here.
