what does that say about your boss’s passwords?

Study: “123456” is the most common password amongst CEOs

  • Like many netizens, high-level executives and business owners have a thing for the world's most popular password "123456."
  • Finance industry second most breached, compared to other sectors.
  • Role model uncovered: “Michaels” and “Jordans” among the most popular executives’ passwords.

The finance industry leads the list of most breached sectors, as shown in the latest study by NordPass. The research was conducted to assess the password habits of high-level executives worldwide. While there are various reasons behind these data breaches, poor password hygiene is often spelled out as one of the weakest links. Apparently, this is as relevant to business owners, CEOs, and other C-level executives as to regular internet users. Among both audiences, the most popular password remains “123456”.

NordPass, in partnership with independent researchers specializing in the analysis of cyber incidents, compiled an extensive list of top passwords used by top-level executives.

“Michael,” “Jordan,” and other widely picked passwords

Across the different executive roles that researchers examined (CEOs, C-level executives, management, and business owners), there is a visible trend toward easily hackable passwords that mainly consist of sequential combinations of numbers or letters.

These include but are not limited to “1q2w3e,” “12345,” “11111,” and “qwerty.” The winner in all categories remains “123456” (used over 1.1 million times), with the password “password” (used over 700 thousand times) coming in second.

Research suggests that top-level executives also extensively use names or mythical creatures as an inspiration when creating passwords. Among the most popular are “dragon” and “monkey.” The most widely chosen names used in passwords are “Tiffany,” “Charlie,” “Michael,” and “Jordan,” which may or may not hint at the legendary basketball player. The complete list can be found here.

Different industries affected

This research was conducted in partnership with independent researchers who analyzed over 290 million data breaches worldwide. They grouped passwords according to job title and industry — among many fields affected, finance, technology, construction, healthcare, hospitality, media, and marketing were shown to experience the most security incidents.

Last year, NordPass presented a similar study, delving into the passwords that Fortune 500 companies’ employees use to access their accounts. Below are the 10 most common passwords among the finance sector’s employees:

  1. password
  2. aaron431
  3. 123456
  4. student
  5. default
  6. 13pass13
  7. linkedin
  8. Profit
  9. Sunshine
  10. ready2go

Data breach costs going up

One might expect business owners, C-suite, and other high-ranking executives to be more conscious about their security online than average internet users. However, NordPass’s latest research demonstrates that this is not the case. “123456” and “123456789” rank in the top five among both audiences, according to this study and NordPass’s annual Top 200 Most Common Passwords research. This significantly increases the risk of cyberattacks at both the personal and company level.

“It is unbelievable how similar we all think, and this research simply confirms that — what we might consider being very original, in fact, can place us in the list of most common,” says Jonas Karklys, the CEO of NordPass. “Everyone from gamer teenagers to company owners are targets of cybercrimes, and the only difference is that business entities, as a rule, pay a higher price for their unawareness.”

The IBM report reveals that in 2021, the average global cost of a data breach reached 4.24 million USD, which is 10% more compared to 2020. The attacks that happen due to compromised credentials cost even more at 4.37 million USD and account for 20% of all breaches.

Tips to ensure your passwords are safe

According to Karklys, people can avoid many data breaches by following simple steps to improve password security:

  1. Deploy a password manager. Password managers allow you to store all your passwords in end-to-end encrypted digital storage locked with a single keyword, for maximum convenience. Most password managers have additional features to check passwords’ strength and automatically generate unique passwords. For organizations, they can come in handy when sharing passwords with employees or managing their access.
  2. Introduce cybersecurity training. Since simple human mistakes remain the leading cause of data breaches, it is worth investing in cybersecurity training sessions for employees. Starting from the basics might be a good idea, given that people have different levels of technical background.
  3. Enable multi-factor authentication. Known as MFA, it serves as an extra layer of security. It is an authentication method that uses two or more mechanisms to validate the user’s identity – these can be separate apps, security keys, devices, or biometric data.

Methodology

The list of passwords was compiled in partnership with independent researchers specializing in research of cybersecurity incidents.

ABOUT NORDPASS
NordPass is a password manager for both business and consumer clients. It’s powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease-of-use in mind, NordPass allows users to access passwords securely on desktop, mobile, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN — the advanced security and privacy app trusted by more than 14 million customers worldwide. For more information: nordpass.com.