Will we EVER learn? ‘123456’ and ‘password’ are among the most popular passwords used by CEOs – while many continue to choose names and mythical creatures, the report reveals
- Researchers analysed over 290 million data breaches worldwide
- They grouped compromised passwords according to job title and industry
- Among CEOs, ‘123456’, ‘password’, ‘12345’ and ‘123456789’ were most popular
- Names and mythical creatures were also very commonly used, with ‘Michael’, ‘Jordan’ and ‘dragon’ also featuring in the top list
It’s something that we’re all regularly warned about, but it seems that even top executives are still using passwords that are very easy to guess.
The list of top passwords used by CEOs was compiled by NordPass in partnership with independent researchers specializing in research about cybersecurity incidents.
The team analyzed over 290 million data breaches worldwide, before grouping passwords according to job title and industry.
Among the fields affected, technology, finance, construction, healthcare, and hospitality were shown to experience the most security incidents.
Their top choice?
New research by NordPass has revealed the top 10 passwords used by CEOs around the world has ‘123456’ at number one, with more than 29,000 CEOs opting for it.
Well, other top 10 choices are ‘password’ — used by more than 22,500 CEOs; ‘12345’, ‘123456789’, ‘qwerty’ and ‘1234’. The rest of the top 10 include other easy-to-hack offerings ‘qwerty123’ and ‘111111’.
Most risky password?
‘123456’ was found to be involved in more than 1.1 million cybersecurity breaches worldwide, while ‘password’ was found in more than 700,000 breaches.
What about names?
The analysis also found that high-ranking business executives often do the other big password don’ts — using names as their secret words. NordPass found the most popular names used worldwide were Tiffany (used in 100,534 data breaches), Charlie (33,699), Michael (10,647), and Jordan (10,472).
And CEOs and business owners also opted for mythical creatures and animals as passwords, with ‘dragon’ and ‘monkey’ both used nearly 12,000 times each.
CEOs vs common users?
Previous research found similar behavior from everyday interest users running their own lives, rather than big businesses, with the top 10 most common globally used passwords in 2021:
— ‘123456’ – used by 103,170,552 people
— ‘123456789’ – used by more than 46,000,000.
“It is unbelievable how similar we all think, and this research simply confirms that — what we might consider being very original, in fact, can place us in the list of most common,” says Jonas Karklys, the CEO of NordPass.
What else inspires password choices?
The 2021 analysis found cultural references influence password choices as well. Liverpool was the third most popular choice in the UK, with Arsenal and Chelsea at 10 and 11. Women were also found to use more upbeat phrases such as ‘sunshine’ or ‘iloveyou’ while men used more sports terms and in some countries, more swear words.
Cyber crime is rising?
According to Jonas Karklys, everyone from gamer teenagers to company owners are targets of cybercrimes, and the only difference is that business entities, as a rule, pay a higher price for their unawareness.
The IBM report reveals that in 2021, the average global cost of a data breach reached 4.24 million USD, which is 10% more compared to 2020. The attacks that happen due to compromised credentials cost even more at 4.37 million USD and account for 20% of all breaches.
Tips to secure your business
To protect your organization from the hazards of weak and simple passwords, NordPass offers a few tips.
- Use a password manager. Trying to devise and remember a strong and unique password for each account is impossible without some help. A password manager will create, store, and apply complex passwords for all your accounts. Most of the top password managers are available in business or enterprise versions that organizations can deploy and manage for all employees.
- Stress cybersecurity training. Because weak passwords and other mistakes can lead to a data breach, invest in the right type of security training for all employees. Stress the importance of using strong passwords to protect user accounts as well as company data.
- Implement multi-factor authentication. MFA adds a vital layer of protection. Even if an account password is leaked or stolen, an attacker can’t use it to sign in without that second form of verification from a mobile device or security key.