You would think the world’s wealthiest companies would have more than enough money to spend on proper cybersecurity. That may be the case, but the funds don’t seem to be going toward strong password protection. A report released Wednesday by password manager NordPass indicates that some employees at some of the richest companies are using weak passwords.
- Top bad passwords by all employees
- Popular terrible passwords by industry
- Weak passwords by country
- Tips for stronger passwords
Top bad passwords by all employees
In an analysis of the world’s 500 largest companies by market capitalization across 20 industries and 31 countries, NordPass found that weak and easily crackable passwords were prevalent. Words in the dictionary and names of people and countries, as well as simple combinations of numbers, letters and symbols, generally accounted for most of the passwords discovered by NordPass. But two of the worst offenders – “password” and “123456” – appeared among the top seven most common passwords for all 20 industries.
Popular terrible passwords by industry
Certain terrible passwords were popular based on the industry. For example:
- In the Technology and IT industry, “aaron431” was the third most common password.
- The password “dummies” was the sixth most common one among employees in the consumer goods sector.
- The word “snowman” was the 11th most used by people in the energy field.
- The term “sexy4sho” took 16th place among real estate employees.
- People working in finance seemed to be thinking about vacation with such passwords as “ready2go,” “vacation,” and “summer.”
Some 32% of the employees used some aspect of the company as their password. Many accounts used the full company name, the company’s email domain, part of the company’s name, an abbreviation of the company name, or the company product or subsidiary name as their passwords (Figure A).
“These types of passwords are both poor and dangerous to use,” NordPass CEO Jonas Karklys said in a press release. “When breaking into company accounts, hackers try all password combinations referencing a company because they are aware of how common they are. The employees often avoid creating complicated passwords, especially for shared accounts. Therefore, they end up choosing something radically basic such as the company’s name.”
Weak passwords by country
The results also varied by country. Around 46% of the weak passwords were found in the U.S., followed by 8.6% in China, 5.8% in Japan, 4.2% in India, 4% in the U.K., 3.8% in France and 3.6% in Canada. Other countries collectively accounted for 22.8% of the research.
“On one hand, it is a paradox that the wealthiest companies on the planet with financial resources to invest in cybersecurity fall into the poor password trap,” Karklys said. “On the other, it is only natural because internet users have deep-rooted unhealthy password habits.”
Tips for stronger passwords
To help encourage stronger passwords among employees at your organization, Karklys offered the following tips.
- Make sure that passwords consist of random combinations of at least 20 uppercase and lowercase letters, numbers and special characters.
- Set up a multifactor authentication or single sign-on process. By using MFA or single sign-on functionality, you help reduce the number of passwords that people have to manage, and the number of times they have to enter a password.
- Determine which employees should receive account credentials. Be sure to remove access privileges for anyone who leaves the company and then reassign them only to people in need of certain access.
- Deploy a password manager. With a business-oriented password manager plan, employees can create and use complex passwords, while administrators can centrally manage password policies and access privileges.
Read next: Password management policy (TechRepublic Premium)