You’d think that by 2023 people would have learned to stop using easy-to-guess and, quite frankly, stupid passwords, especially those in the tech/IT industry. The latest study by NordPass, a password manager created by NordVPN, shows that “123456” and “password” still top the list of the 10 most used passwords in the technology and IT sectors.
The complete list of the 10 most used passwords is:
- 123456
- password
- aaron431*
- research
- 12345678
- 111111
- 123456789
- 12345
- abc123
*This password is directly referencing a company. NordPass is not naming the exact business. It notes the format in which this password was used, for example, the abbreviation of the company’s name, part of the name, or the name combined with other words or symbols.
“On one hand, it is a paradox that the wealthiest companies on the planet with financial resources to invest in cybersecurity fall into the poor password trap. On the other hand, it is only natural because internet users have deep-rooted unhealthy password habits. This research once again proves that we should all speed up in transitioning to alternative online authentication solutions.”
Jonas Karklys, CEO of NordPass.
It’s scary that the two most common passwords in the world (“123456” and “password”) are the top two among technology and IT employees. Even worse, 32% of passwords also directly reference or hint at the name of the company these employees work for. These passwords either include the full company name, the company’s email domain, part of the company’s name, an abbreviation of the company name, or the company product or subsidiary name.
While passwords are going away, with businesses like Google, Microsoft, Apple, PayPal, KAYAK, and eBay adopting passkey technology for passwordless login, they will still be here for the foreseeable future. In the meantime, here are a few tips you can implement to choose better passwords and avoid cybersecurity incidents that stem from password compromise:
- Ensure company passwords are strong. They should consist of random combinations of at least 20 upper- and lower-case letters, numbers, and special characters.
- Enable multi-factor authentication or single sign-on. While MFA set up on another device, or connected with email or SMS codes, guarantees an additional layer of security, single sign-on functionality helps reduce the number of passwords people have to manage.
- Critically evaluate whom to grant account credentials. Access privileges should be removed from people leaving the company and passed on only to those who are in need of certain access.
- Deploy a password manager. With a business solution, companies can safely store all their passwords in one place, share them within the organization, ensure their strength, and effectively manage access privileges.
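A password-change check that enforces the first tip and rejects the two patterns the study found, as an added example (not NordPass code). The company name, domain and product are constructed, and the character-substitution step goes slightly beyond the article by also catching variants such as "P@ssw0rd".

```python
import re

# Most-used passwords listed in the article; the asterisked company-specific entry is omitted.
COMMON = {"123456", "password", "research", "12345678", "111111",
          "123456789", "12345", "abc123"}

# Undo common character substitutions before comparing ("p@ssw0rd" -> "password").
LEET = str.maketrans("@4310$5!7", "aaeiossit")


def company_tokens(name, domain, products=()):
    """Strings the study saw reused: full name, name parts, abbreviation, email domain, products."""
    words = re.findall(r"[a-z0-9]+", name.lower())
    tokens = set(words) | {"".join(words), "".join(w[0] for w in words)}
    tokens.add(domain.lower().split(".")[0])
    tokens |= {re.sub(r"[^a-z0-9]", "", p.lower()) for p in products}
    return {t for t in tokens if len(t) >= 3}  # very short tokens cause false positives


def check_password(pw, tokens):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    low = pw.lower()
    norm = low.translate(LEET)
    if low in COMMON or norm in COMMON:
        problems.append("on the most-used list")
    if any(t in low or t in norm for t in tokens):
        problems.append("references the company")
    if len(pw) < 20:
        problems.append("shorter than 20 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing a character class")
    return problems


# Constructed organization details, for illustration only.
TOKENS = company_tokens("Northwind Data Systems", "northwind.example", ["Ledger Pro"])

if __name__ == "__main__":
    for candidate in ["123456", "P@ssw0rd", "N0rthw1nd-Finance-2023!!", "vT7#qLz9!Rw2@Xc5&Hm8"]:
        print(candidate, "->", check_password(candidate, TOKENS) or "ok")
```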
What do you think about the fact that users are still using easy-to-guess stupid passwords? Do you use one of the above?