The Poor Passwords of the Financial Industry

Lukas Grigas
Cybersecurity Content Writer

They say that security is only as strong as its weakest link. Unfortunately, too often our first line of defense — our passwords — proves to be the weakest link when it comes to corporate cybersecurity. This is supported by recent NordPass research into Fortune 500 companies’ password habits. Today, we’re looking at how poor password habits affect the financial industry and how those habits could be turned around.

The not-such-fun facts about password risks in the Finance industry

Each year, Verizon releases a report analyzing data breaches across 16 industries, one of which is financial institutions. The report notes that hacking and utilizing stolen credentials are the most common techniques cybercriminals use to breach financial institutions. For the record, Verizon also states that up to 80% of hacking-related breaches are linked to passwords. Even more concerning is the fact that, according to the Boston Consulting Group, financial institutions are 300 times more likely to be hit by a cyberattack, compared to companies operating in other industries.

While security teams at financial institutions do their best to ensure that their corporate accounts and networks are completely secure, problems arise when passwords enter the picture. Unfortunately, employees have a dangerous habit of using the same credentials to secure their work-related as well as personal accounts. In fact, SpyCloud’s 2021 Report: Breach Exposure of the Fortune 1000 notes that up to 77% of employees at the world’s top financial organizations have reused passwords across corporate and personal accounts.

Poor and generic passwords of the Finance industry

Back in March, NordPass partnered with a third-party company that specializes in data breach analysis and conducted thorough research into Fortune 500 companies’ password habits.

The gathered data showed that even the biggest players in the world still struggle with password hygiene. For instance, “123456” was consistently one of the top passwords regardless of the industry. The same can be said about “password” and, weirdly enough, “aaron431”, which appeared among the top passwords in the Financial, Healthcare, Automotive, Technology & IT, Energy, Consumer goods, Agriculture, and a few other industries.

When it comes to the financial industry in particular, we found that the share of unique passwords within the sector stood at 25%, which is not perfect, to say the least. What is even more concerning is the fact that the top 10 passwords in the financial industry were so simple that most of them could be cracked in a matter of minutes. Here they are:

  1. password

  2. aaron431

  3. 123456

  4. student

  5. default

  6. 13pass13

  7. linkedin

  8. Profit

  9. sunshine

  10. Ready2go

Let’s face it — using “profit” as a password to secure a financial institution’s online account is making the hacker’s life a little too easy. Plus, it is a common dictionary word, which means that, in a brute-force attack, such a password would be cracked in a matter of minutes.

How to improve password security in the Financial industry

Financial institutions must stay vigilant with their password security practices if they want to reduce the risk of data breaches and other cybersecurity risks. Here are a few tips on how any financial institution can boost password security within the organization:

  • Educate the workforce

    Employees must understand why password security is an integral part of the company’s security infrastructure. Having a training session that answers all the “hows”, “whys”, and “whats” is a great way to get everyone on the same page.

  • Establish internal company password policy

    Have a clear policy on password use within the organization. Establish what is considered a strong password within the company and when it should be updated. Security experts agree that a strong password should be at least 12 characters long and include special characters, numbers, and both upper- and lower-case letters. Try to update your corporate passwords every 90 days just to stay on the safe side.

  • Use a business password manager

    A password management solution should be an essential part of any modern-day business. Not only does it improve the overall security posture of the company, but it also makes employees' lives easier. In fact, research has shown that password managers such as NordPass improve employee efficiency, since employees no longer have to worry about password security. A reputable business password manager usually offers more than just an encrypted vault to store passwords. For instance, NordPass Business comes with a built-in password generator, which creates strong and complex passwords on the go. In most instances, a password manager for business will also offer a way to securely share credentials within the organization and effectively manage user access to credentials. A password manager is the easiest and most effective way to establish appropriate password hygiene in a business setting.
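The policy rules in the tips above (at least 12 characters, mixed case, digits and special characters) and the top-10 list earlier in the article can be turned into an enforceable check, and the generator a password manager provides can be approximated with the standard library. The following Python is an added example written for this page, not NordPass code: the denylist is constructed from the article's financial-sector top 10, and the function names and policy messages are my own choices.

```python
import secrets
import string

# Minimum length from the policy tip in the article.
MIN_LENGTH = 12

# Constructed denylist: the top-10 financial-sector passwords listed in the article,
# stored lower-case so that "Profit" and "profit" are both rejected.
COMMON_PASSWORDS = {
    "password", "aaron431", "123456", "student", "default",
    "13pass13", "linkedin", "profit", "sunshine", "ready2go",
}

# Policy violation messages (hypothetical wording, used in the checks below).
TOO_SHORT = f"shorter than {MIN_LENGTH} characters"
NO_LOWER = "no lower-case letter"
NO_UPPER = "no upper-case letter"
NO_DIGIT = "no digit"
NO_SPECIAL = "no special character"
COMMON = "matches a known common password"


def check_password_policy(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(TOO_SHORT)
    if not any(c.islower() for c in password):
        problems.append(NO_LOWER)
    if not any(c.isupper() for c in password):
        problems.append(NO_UPPER)
    if not any(c.isdigit() for c in password):
        problems.append(NO_DIGIT)
    if not any(c in string.punctuation for c in password):
        problems.append(NO_SPECIAL)
    # Denylist check is case-insensitive: capitalising a common word does not help.
    if password.lower() in COMMON_PASSWORDS:
        problems.append(COMMON)
    return problems


def generate_password(length: int = 16) -> str:
    """Generate a random password, using the CSPRNG in `secrets`, that passes the policy."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    # Resample until every character class is present; with length >= 12 this
    # loop ends quickly, and uniform sampling keeps the result unpredictable.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password_policy(candidate):
            return candidate


def audit(passwords: list[str]) -> dict:
    """Summarise a batch of passwords the way a defender would during a policy audit:
    how many fail the policy and what share of the batch is unique."""
    failing = sum(1 for p in passwords if check_password_policy(p))
    unique_share = len(set(passwords)) / len(passwords) if passwords else 0.0
    return {"total": len(passwords), "failing": failing, "unique_share": unique_share}


if __name__ == "__main__":
    # Constructed sample batch: two reused weak passwords, one strong one, one common one.
    sample = ["password", "password", "Correct-Horse-42!", "123456"]
    for p in sample:
        print(f"{p!r}: {check_password_policy(p) or 'OK'}")
    print(audit(sample))
    print("generated:", generate_password())
```

Running the block prints each violation for the constructed batch, then an audit summary (4 total, 3 failing, 75% unique) and a freshly generated password that passes every rule. The denylist here is only the ten entries from the article; a production check would compare against a much larger breached-password corpus.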
