Study: Employees at Largest Companies Use Easy-to-crack Passwords
All 20 industries analyzed had both “password” and “12345” among the top 7 most commonly used passwords.
Note: TDWI’s editors carefully choose press releases related to the data and analytics industry. We have edited and/or condensed this release to highlight key information but make no claims as to its accuracy.
Even employees at the world's richest companies have unbelievably poor password habits, reveals new research by NordPass. Despite cybersecurity experts repeatedly urging businesses to take better care of corporate passwords, the wealthiest companies worldwide still find the world's worst passwords -- “123456” and “password” -- good enough to secure corporate digital assets.
“On the one hand, it is a paradox that the wealthiest companies on the planet with financial resources to invest in cybersecurity fall into the poor password trap. On the other hand, it is only natural because internet users have deep-rooted, unhealthy password habits. This research once again proves that we should all speed up transitioning to alternative online authentication solutions,” says Jonas Karklys, CEO of NordPass.
Though NordPass looks at the change in internet users' password habits year-round, this year the company specifically investigated passwords that employees of the world’s biggest companies from 31 countries use to secure business accounts. The researchers compiled 20 industry-specific password lists.
“Dummies,” “sexy4sho” Among Questionable Passwords
According to the study, the passwords “password” and “123456,” which shared the first two spots in last year’s list of the world’s most common passwords, are also popular among the largest companies’ employees. Across all 20 analyzed industries, both passwords were found among the seven most commonly used passwords.
Some industries were more creative than others. The password “dummies” ranks 6th among consumer goods sector employees, “sexy4sho” 16th among real estate employees, and “snowman” 11th in the energy field. Interestingly, people working for corporations in the finance field seem to be in serious need of a vacation, with the passwords “ready2go,” “vacation,” and “summer” as their top picks for passwords.
Common Inspiration for Passwords
As among ordinary internet users, dictionary words, names of people and countries, and simple combinations of numbers, letters, and symbols make up most passwords presented in the research.
However, the remaining 32% indicate another interesting trend. The world’s wealthiest companies’ employees love passwords that directly reference or hint at the name of a specific company. The full company name, the company’s email domain, part of the company’s name, an abbreviation of the company name, and the company product or subsidiary name are the common sources of inspiration.
“These types of passwords are both poor and dangerous to use. When breaking into company accounts, hackers try all password combinations referencing a company because they are aware of how common they are. The employees often avoid creating complicated passwords, especially for shared accounts. Therefore, they end up choosing something radically basic such as the company’s name,” says Karklys.
Wide Representation of Countries and Industries
The password analysis was conducted in partnership with independent third-party researchers specializing in research about cybersecurity incidents. They examined the world’s 500 largest companies by market capitalization, which represented 31 countries and 20 industries.
The United States (46.2%), China (9.6%), Japan (5.8%), India (4.2%), the United Kingdom (4%), France (3.8%), and Canada (3.6%) are the countries most represented in this research. Also, most of the companies analyzed fell under the finance, technology and IT, and healthcare sectors.
Passwords Will Inevitably Die
The study complements a series of password-related research projects NordPass has delivered throughout the years. In 2021, the company looked into passwords Fortune 500 companies use, and in 2022, investigated the password habits of top-level business executives. Moreover, NordPass annually presents the “Top 200 most common passwords” research, which broadly covers the password trends of internet users.
“Although password trends slightly vary each year across different audiences, the general take is that people continuously fail with their password management, and the world desperately needs to switch to new online authentication solutions such as passkeys,” says Karklys.
Various progressive businesses such as Google, Microsoft, Apple, PayPal, KAYAK, and eBay have already adopted passkey technology and are offering passwordless login to their users. According to Karklys, in no time, other online companies will follow this trend. NordPass has developed a solution to store clients’ passkeys and is developing a tool for businesses to easily integrate passkey support into their websites.
Tips to Secure Business Accounts
According to an IBM report, in 2022, stolen or compromised credentials remained the most common cause of a data breach in companies, accounting for 19%. Karklys says that by implementing a few cybersecurity measures, businesses could avoid many cybersecurity incidents.
- Ensure company passwords are strong. They should consist of random combinations of at least 20 upper- and lower-case letters, numbers, and special characters.
- Enable multifactor authentication or single sign-on. Although MFA set up on another device, connected with email or SMS codes, guarantees an additional layer of security, single sign-on functionality helps reduce the number of passwords people have to manage.
- Critically evaluate who is granted account credentials. Access privileges should be removed from people leaving the company and passed on only to those who need certain access.
- Deploy a password manager. With a business solution, companies can safely store all their passwords in one place, share them within the organization, ensure their strength, and effectively manage access privileges.