A new analysis by password manager NordPass stresses that major companies open themselves up to security risks by using passwords that lack creativity.
Employees in the financial sector could use more creativity in choosing online passwords, according to an analysis from a large password manager for business and individuals.
As a part of its analysis, NordPass listed password selections for 20 industries, including the financial sector, in 31 countries, with nearly half in the United States (other industries included aerospace, retail and real estate, though most of the companies came from the financial, health or IT sectors).
To NordPass CEO Jonas Karklys, the results make it clear all industries should “speed up in transitioning to alternative online authentication solutions.”
“On one hand, it is a paradox that the wealthiest companies on the planet with financial resources to invest in cybersecurity fall into the poor password trap,” he said. “On the other hand, it is only natural because internet users have deep-rooted unhealthy password habits.”
According to NordPass, some financial employees focused on summer when choosing passwords, with “vacation,” “summer” and “sunshine” making the top 20 (other industries had their own unique inclusions, from “dummies” at No. 6 among consumer goods sector employees to “sexy4sho” reaching No. 16 among employees in the real estate field).
Among all companies, 32% of respondents used passwords directly referencing or hinting at their company (including the full company name, email, abbreviation or products). These passwords were “poor and dangerous,” opening employees up to intrusions, Karklys said.
“When breaking into company accounts, hackers try all the password combinations referencing a company because they are aware of how common they are,” he said.
While most of the top 10 passwords are self-explanatory, others resist easy explanation (take No. 3, “aaron431,” for example). A NordPass spokesperson said while the company builds the lists, it couldn’t supply additional information on a password’s origins.
Passwords Will Inevitably Die
The study complements a series of password-related research projects NordPass has delivered throughout the years. In 2021, the company looked into the passwords that Fortune 500 companies use, and in 2022, it investigated the password habits of top-level business executives. Moreover, NordPass annually presents the “Top 200 most common passwords” study, which broadly covers the password trends of internet users.
“While password trends slightly vary each year across different audiences, the general take is that people continuously fail with their password management, and the world desperately needs to switch to new online authentication solutions such as passkeys,” says Karklys.
Various progressive businesses such as Google, Microsoft, Apple, PayPal, KAYAK and eBay have already adopted passkey technology and are offering their users password-less logins. According to Karklys, in no time at all, other online companies will start following this trend.
Tips to Secure Business Accounts
According to an IBM report, in 2022, stolen or compromised credentials remained the most common cause of a data breach in companies, accounting for 19%. Karklys said that by implementing a few cybersecurity measures, businesses could avoid many cybersecurity incidents.
Ensure company passwords are strong. They should consist of random combinations of at least 20 upper- and lower-case letters, numbers and special characters.
Enable multi-factor authentication or single sign-on. While MFA, set up on another device or connected with email or SMS codes, guarantees an additional layer of security, single sign-on functionality helps reduce the number of passwords people have to manage.
Critically evaluate whom to grant account credentials. Access privileges should be removed from people leaving the company and passed on only to those who need certain access.
Deploy a password manager. With a business solution, companies can safely store all their passwords in one place, share them within the organization, ensure their strength and effectively manage access privileges.
Methodology
The password list was compiled in partnership with a third-party company specializing in cybersecurity incident research. Researchers analyzed data that affected the world’s 500 largest companies by their market capitalization. The analyzed data was categorized into 20 different industries. The researchers investigated the top 20 passwords used in each industry.