Common and easy-to-guess passwords make it easy to compromise security
It’s hard to run your business today without being online in some capacity. And being online usually requires a password to get into your account.
There are several ways to handle that – the use of a password manager, for instance – or individual passwords. They need to be distinct and easy to remember. But common and easy-to-remember passwords are also commonly and easily guessed by hackers.
NordPass (NordPass.com), a password manager for business and consumer clients that allows users to access passwords securely on desktop, mobile and browsers, just published new research (https://nordpass.com/poor-company-passwords/) that showed a severe weakness in the passwords used by employees working in the construction and manufacturing industry. Passwords such as “123456,” “password,” and “aaron431” still make it to the top of the construction and manufacturing industry’s list.
Methodology
The poor-passwords list was compiled in partnership with a third-party company specializing in cybersecurity incident research. Researchers analyzed data that affected the world’s 500 largest companies by their market capitalization. The analyzed data was categorized into 20 different industries.
The researchers looked into the top 20 passwords in each industry.
The United States (46.2%), China (9.6%), Japan (5.8%), India (4.2%), the United Kingdom (4%), France (3.8%), and Canada (3.6%) are the countries most represented in this research. Also, most of the companies analyzed fell under the finance, technology and IT, and health care sectors.
Poor passwords
Below are the 10 most used passwords in the construction and manufacturing sector.
- part of the company’s name*
- 123456
- password
- aaron431
- part of the company’s nameeu*
- PART OF THE COMPANY’S NAME*
- part of the company’s name1*
- pass1
- part of the company’s name*
- company name*
*This password is directly referencing a company. NordPass is not naming the exact business. It notes the format in which this password was used, for example, the abbreviation of the company’s name, part of the name, or the name combined with other words or symbols.
Although NordPass looks at the change in internet users’ password habits year-round, this year, the company specifically investigated passwords that employees of the world’s biggest companies from 31 countries use to secure business accounts. The researchers compiled 20 industry-specific passwords lists.
“On one hand, it is a paradox that the wealthiest companies on the planet with financial resources to invest in cybersecurity fall into the poor password trap,” said Jonas Karklys, CEO of NordPass.
“On the other hand, it is only natural because internet users have deep-rooted unhealthy password habits. This research once again proves that we should all speed up in transitioning to alternative online authentication solutions.”
“Dummies,” “sexy4sho,” and other questionable passwords
According to the study, the passwords “password” and “123456,” which shared the top two spots in last year’s list of the world’s most common passwords (https://nordpass.com/most-common-passwords-list/), are also popular among the largest companies’ employees. Across all 20 analyzed industries, both of these passwords were found to be among the seven most commonly used passwords. The word “password” was the number three most-trending pick among the construction and manufacturing sector’s employees and “123456” ranked second.
Other industries were also creative. The password “dummies” ranks 6th among consumer goods sector employees, “sexy4sho” – 16th among real estate employees, and “snowman” – 11th in the energy field.
Common inspiration for passwords
Just like with regular internet users, dictionary words, names of people and countries, and simple combinations of numbers, letters, and symbols make up most passwords presented in the research.
However, the remaining 32% indicate another interesting trend. The world’s wealthiest companies’ employees love passwords that directly reference or hint at the name of a specific company. The full company name, the company’s email domain, part of the company’s name, an abbreviation of the company name, and the company product or subsidiary name are the common sources of inspiration. These passwords are making half of the construction and manufacturing sector’s list.
“These types of passwords are both poor and dangerous to use. When breaking into company accounts, hackers try all the password combinations referencing a company because they are aware of how common they are. Employees often avoid creating complicated passwords, especially for shared accounts. Therefore, they end up choosing something as basic as the company’s name,” says Karklys.
Passwords will inevitably die
The study complements a series of password-related research projects NordPass has delivered throughout the years. In 2021, the company looked into the passwords that Fortune 500 companies use, and in 2022, investigated the password habits of top-level business executives. Moreover, NordPass annually presents the “Top 200 most common passwords” study, which broadly covers the password trends of internet users.
“While password trends slightly vary each year across different audiences, the general take is that people continuously fail with their password management, and the world desperately needs to switch to new online authentication solutions such as passkeys,” says Karklys.
Various progressive businesses such as Google, Microsoft, Apple, PayPal, KAYAK, and eBay have already adopted passkey technology and are offering their users passwordless log-in. According to Karklys, in no time at all, other online companies will start following this trend. Therefore, NordPass has developed a solution to store clients’ passkeys and is developing a tool for businesses to easily integrate passkey support to their websites. NordPass was created by the experts behind NordVPN – the advanced security and privacy app trusted by more than 14 million customers worldwide.
Tips to secure business accounts
According to an IBM report, in 2022, stolen or compromised credentials remained the most common cause of a data breach in companies, accounting for 19%. Karklys says that by implementing a few cybersecurity measures, businesses could avoid many cybersecurity incidents.
- Ensure company passwords are strong. They should consist of random combinations of at least 20 upper- and lower-case letters, numbers, and special characters.
- Enable multi-factor authentication or single sign-on. While the MFA set up on another device, connected with email or SMS codes guarantees an additional layer of security, single sign-on functionality helps reduce the number of passwords people have to manage.
- Critically evaluate whom to grant account credentials. Access privileges should be removed from people leaving the company and passed on only to those who are in need of certain access.
- Deploy a password manager. With a business solution, companies can safely store all their passwords in one place, share them within the organization, ensure their strength, and effectively manage access privileges.
Editorial Director and Senior Writer for TileLetter and TileLetter ARTISAN
Lesley Goddin has been writing and journaling since her first diary at age 11. Her journey has taken her through a career in publishing and publicity, landing her the editor position of TileLetter and its special publications in 2006. Her goal is to educate, inspire, recognize and encourage those in the tile industry -- especially the tile and stone contractor.
