Top business executives have password habits as unhealthy as those of many internet users, according to new research by NordPass. While experts continuously urge companies to take cyber risks seriously, business owners, CEOs, and other C-suite executives continue typing “123456,” which, even after many warnings, remains the most popular password to date.
What were the findings from the NordPass survey?
NordPass, in partnership with independent researchers specializing in the analysis of cyber incidents, compiled an extensive list of top passwords used by top-level executives.
“Michael,” “Jordan,” and other widely picked passwords
The research found that among the different executive roles examined (CEOs, C-level executives, management, and business owners) there is a visible trend to use easily hackable passwords that mainly include sequential combinations of numbers or letters.
These include “1q2w3e,” “12345,” “11111,” and “qwerty.” The most used remains “123456” (used over 1.1 million times), with “password” (used over 700,000 times) coming in second.
Research suggests that top-level executives also extensively use names or mythical creatures as an inspiration when creating passwords. Among the most popular are “dragon” and “monkey.” The most widely chosen names used in passwords are “Tiffany,” “Charlie,” “Michael,” and “Jordan,” which may or may not hint at the legendary basketball player.
The complete list can be found here.
Different industries and countries affected
This research was conducted in partnership with independent researchers who analyzed over 290 million data breaches across the globe. They grouped passwords according to job title and industry — among many fields affected, technology, finance, construction, healthcare, and hospitality were shown to experience the most security incidents.
Among the countries that experienced breaches, France and the UK were listed among the most breached, accounting for 200 million and 600 million leaked passwords respectively.
The analysis shows that business owners, C-suite, and other top executives, who are expected to be more conscious of their online security than the average internet user, have similarly poor password habits. This increases the risk of cyberattacks at both the personal and the company level.
Data breach costs increase
Last year, NordPass presented similar studies, delving into the Top 200 Most Common Passwords people use online and those of Fortune 500 firms. The comparison of research shows that business executives are as likely to use easy-to-crack passwords as general internet users: “123456” and “123456789” rank in the top five among both audiences.
“It is unbelievable how similar we all think, and this research simply confirms that — what we might consider being very original, in fact, can place us in the list of most common. Everyone from gamers to company owners are targets of cybercrimes, and the difference is that businesses pay a higher price for their unawareness,” says Jonas Karklys, CEO of NordPass.
The IBM report reveals that in 2021, the average global cost of a data breach reached $4.24m, which is 10% more compared to 2020. The attacks that happen due to compromised credentials cost even more at $4.37m and account for 20% of all breaches.
How can one ensure that their passwords are safe?
According to Karklys, people can avoid many data breaches by following simple steps:
Deploy a password manager
Password managers allow you to store all the passwords in end-to-end encrypted digital storage locked with a single keyword. Most password managers have additional features to check passwords’ strength and automatically generate unique passwords. For organizations, they can come in handy when sharing passwords with employees or managing their access.
Introduce cybersecurity training
Since simple human mistakes remain the leading cause of global data breaches, it is worth investing in cybersecurity training sessions for employees. Starting from the basics might be a good idea given that people have different technology background levels.
Enable multi-factor authentication (MFA)
MFA serves as an extra layer of security. It is a method that uses two or more mechanisms to validate the user’s identity – these can be apps, security keys, devices, or biometric data.