TOP20 not-so-secret business passwords

Together with NordStellar, we’ve analyzed the most common passwords used in corporate environments – and it’s clear that poor password habits are widespread. Across industries, weak credentials leave businesses vulnerable to data breaches. Let’s take a closer look.

most common passwords

Research breakdown

Methodology

The list of passwords was compiled in partnership with NordStellar, which specializes in researching cybersecurity incidents. Together, we reviewed a 2.5TB database extracted from various publicly available sources, including those on the dark web.

11 industries

We broke the data down into 11 key sectors, like healthcare, finance, education, and tech. This approach helps us identify password trends specific to each industry, giving us a clearer picture of how different organizations are securing their data.

Study approach

We analyzed passwords stolen by malware or exposed in data breaches. In most cases, the passwords were leaked alongside email addresses, allowing us to distinguish corporate credentials by their domain name.

Top 20 most common passwords fails across industries

Findings

Ensure your team is using only strong passwords

Discover how NordPass can help you enforce robust password policies at your company to protect it from unauthorized access and potential leaks.

password generator tool visual

Alarming patterns

Top 3 most popular corporate passwords are number sequences

The most commonly used passwords in corporate environments are predictable number sequences like "123456", "123456789", and "12345678". These are the easiest passwords to crack (in under 1 second) and have topped the charts for years.

Using email as password is a very common mistake

In every industry, we’ve found employees using their email addresses as passwords. It’s a risky habit that provides hackers with an easy clue to your login credentials. Companies need to step in with strong policies to prevent it.

Many people use their names for work-related passwords

While it might seem convenient, some employees create corporate passwords based on their own names. It’s a major risk factor that can leave the entire organization’s sensitive information exposed to potential threats.

Top 10 countries with the most password breaches

Bad password habits are common worldwide, putting millions of online users at risk. However, some countries experience significantly more password breaches than others.

Check out the graph on the right to see which countries top the list for the biggest number of compromised password incidents.

grapth-countries

Why do data breaches happen?

Corporate data breaches are becoming increasingly common today. Let’s take a look at some of the main reasons why they occur.

Weak passwords

According to a Verizon Data Breach Investigations Report, 70% of data breaches are the result of weak, easy-to-crack passwords.

Reused passwords

Using the same password for multiple business accounts puts all of them at great risk if a bad actor gains access to that particular password.

Risky password-sharing habits

Sharing passwords over unprotected channels, like email or a messaging app, increases the risk of them being intercepted by malicious third parties.

Human error

Reports suggest that as much as 70% of data breaches are caused by human mistakes. Often, it’s just one simple misstep that can lead to a breach.

Poor cybersecurity infrastructure

If you fail to establish a secure digital infrastructure, bad actors will surely take advantage of your poorly protected systems and try to break in.

No multi-factor authentication (MFA)

Requiring a second authentication factor prevents unauthorized access, even if the password is compromised. Without MFA, that protection is lost.

How to better protect your organization

Deploy a password manager

A business password manager is an essential tool for any organization aiming to maintain a robust security posture. With a corporate password manager, you can significantly improve your password security and reduce the risk of falling victim to a data breach.

secure data storage

Run cybersecurity training

Establishing comprehensive cybersecurity training that shows your employees not just how to protect your business, but why it matters, will significantly enhance your overall security posture.

people laptop

Enable multi-factor authentication

Multi-factor authentication adds an extra layer of security by using two or more methods to verify a user's identity, instead of relying solely on a password. By requiring employees to provide another proof of identity, you can greatly boost your company’s cybersecurity.

totp

Add passwordless authentication to your systems

Authopia by NordPass

Authopia is a free tool that helps companies implement passkey technology without the high development costs. It allows you to easily add a passkey widget to a login form on your website or service, making the login process faster and much more secure.

With Authopia, you can enhance your company’s security and help address the global issue of weak corporate passwords.

authopia login

Get in touch

If you’d like more information about the most common password lists, or want to schedule an interview, contact us at [email protected] and we will get back to you shortly.