No matter how often we’re urged to use strong and complex passwords to protect our accounts, many people still fail to get the message. And that’s not just the case not just with regular website users and employees: A report released Tuesday by password manager NordPass examines how even C-suite executives and business owners try to secure their accounts with some of the most unsecure passwords imaginable.
For its report “Top passwords used by business executives,” NordPass worked with independent researchers to compile a list of passwords compromised in more than 290 million data breaches across the world. The passwords were categorized based on job title and industry as the study focused on those found among CEOs, C-suite executives, business owners and managers.
The ever popular and ever vulnerable “123456” took top honors as the most common password in the list, found more than 1 million times. The password “password” came in second place among the four different types of roles, discovered more than 700,000 times. From there, the list diverged based on job title.
“12345” was the third most common password for CEOs and C-level executives and the fourth most common for business owners and managers. Next, “123456789” was the fourth most popular one for CEOs and C-level executives and the third most popular for business owners and managers.
To round out the top five, the easy-to-type but easy-to-compromise “qwerty” came in fifth among CEOs and C-level executives. “1234” took the fifth spot among business owners, while “Password” with a capital P earned fifth place among managers. Other passwords at the top of the list included “qwerty123,” “1q2w3e,” “111111,” “abc123” and “123123.”
But it wasn’t just easy to type and easy to remember letters and numbers that popped up as passwords. Many executives, managers, and business owners turned to popular names.
The two most common names used as passwords were “tiffany” and “charlie.” However, “michelle,” “ashley” and “jennifer” earned their own spots as well. Also on the list were “michael” and “jordan,” likely adopted by business executives who are also basketball fans. Even animals got into the act, both real and imaginary, with such passwords as “dragon” and “monkey.”
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
Though many of the passwords found were laughably bad, the consequences of using such passwords are no laughing matter. In the event of a data breach, hackers can use brute force tools to obtain these passwords in less than a second, opening the door to account takeovers and compromises. And the danger is even greater when high-level executives use weak passwords, as such accounts can be the key to unlocking sensitive and proprietary data.
Tips to secure your business
To protect your organization from the hazards of weak and simple passwords, NordPass offers a few tips.
Use a password manager. Trying to devise and remember a strong and unique password for each account is impossible without some help. A password manager will create, store, and apply complex passwords for all your accounts. Most of the top password managers are available in business or enterprise versions that organizations can deploy and manage for all employees.
Stress cybersecurity training. Because weak passwords and other mistakes can lead to a data breach, invest in the right type of security training for all employees. Stress the importance of using strong passwords to protect user accounts as well as company data.
Implement multi-factor authentication. MFA adds a vital layer of protection. Even if an account password is leaked or stolen, an attacker can’t use it to sign in without that second form of verification from a mobile device or security key.