TOP20 not-so-secret business passwords
Together with NordStellar, we’ve analyzed the most common passwords used in corporate environments – and it’s clear that poor password habits are widespread. Across industries, weak credentials leave businesses vulnerable to data breaches. Let’s take a closer look.
Research breakdown
Methodology
The list of passwords was compiled in partnership with NordStellar, which specializes in researching cybersecurity incidents. Together, we reviewed a 2.5TB database extracted from various publicly available sources, including those on the dark web.
11 industries
We broke the data down into 11 key sectors, like healthcare, finance, education, and tech. This approach helps us identify password trends specific to each industry, giving us a clearer picture of how different organizations are securing their data.
Study approach
We analyzed passwords stolen by malware or exposed in data breaches. In most cases, the passwords were leaked alongside email addresses, allowing us to distinguish corporate credentials by their domain name.
Top 20 most common password fails across industries
Findings
Ensure your team is using only strong passwords
Discover how NordPass can help you enforce robust password policies at your company to protect it from unauthorized access and potential leaks.
Take a quick look below, and you’ll see that the most common corporate passwords aren’t all that different across industries and countries. It just goes to show that, no matter the sector or location, organizations share the same poor password habits - leaving them vulnerable to security risks.
Most popular corporate passwords by country
Results
Alarming patterns
Top 3 most popular corporate passwords are number sequences
The most commonly used passwords in corporate environments are predictable number sequences like "123456", "123456789", and "12345678". These are the easiest passwords to crack (in under 1 second) and have topped the charts for years.
Using email as password is a very common mistake
In every industry, we’ve found employees using their email addresses as passwords. It’s a risky habit that provides hackers with an easy clue to your login credentials. Companies need to step in with strong policies to prevent it.
Many people use their names for work-related passwords
While it might seem convenient, some employees create corporate passwords based on their own names. It’s a major risk factor that can leave the entire organization’s sensitive information exposed to potential threats.
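The three patterns above (number sequences, the email address as password, and name-based passwords) can be rejected when a password is set. A minimal policy check follows as an added example; it is not NordPass or NordStellar code, and the function names, the 12-character minimum and the small deny-list are assumptions:

```python
import re
import unicodedata

# Constructed sample deny-list (assumption); a real deployment would load
# a breached-password corpus instead.
COMMON = {"123456", "123456789", "12345678", "password", "qwerty"}

def _norm(s):
    """Lowercase, strip accents, and keep only ASCII letters and digits."""
    s = unicodedata.normalize("NFKD", s).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]", "", s.lower())

def _is_digit_sequence(pw):
    """True for all-digit runs stepping by +1, -1 or 0 (123456, 987654, 111111)."""
    if not (pw.isascii() and pw.isdigit()) or len(pw) < 4:
        return False
    # Differences modulo 10, so 9 -> 0 counts as a continuing +1 run.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {9}, {0})

def check_password(password, email, full_name, min_len=12):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    pw = _norm(password)
    local = _norm(email.partition("@")[0])
    if len(password) < min_len:
        problems.append("too_short")
    if password.lower() in COMMON:
        problems.append("common_password")
    if _is_digit_sequence(password):
        problems.append("digit_sequence")
    # Email reuse: the whole address, or the mailbox name embedded in the password.
    if password.lower() == email.lower() or (len(local) >= 3 and local in pw):
        problems.append("contains_email")
    # Name reuse: any name part of 3+ characters appearing in the password.
    if any(len(t) >= 3 and t in pw for t in map(_norm, full_name.split())):
        problems.append("contains_name")
    return problems

if __name__ == "__main__":
    # Constructed sample user and candidate passwords.
    for candidate in ("123456", "jane.doe@example.com", "J4ne!Doe2024xx"):
        print(candidate, check_password(candidate, "jane.doe@example.com", "Jane Doe"))
```

Normalising before comparison is what catches variants such as "Jane.Doe!2024", which a plain equality check against the name or address would miss.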
Top 10 countries with the most password breaches
Bad password habits are common worldwide, putting millions of online users at risk. However, some countries experience significantly more password breaches than others.
Check out the graph on the right to see which countries top the list for the biggest number of compromised password incidents.
Why do data breaches happen?
Corporate data breaches are becoming increasingly common today. Let’s take a look at some of the main reasons why they occur.
Weak passwords
According to a Verizon Data Breach Investigations Report, 70% of data breaches are the result of weak, easy-to-crack passwords.
Reused passwords
Using the same password for multiple business accounts puts all of them at great risk if a bad actor gains access to that particular password.
Risky password-sharing habits
Sharing passwords over unprotected channels, like email or a messaging app, increases the risk of them being intercepted by malicious third parties.
Human error
Reports suggest that as much as 70% of data breaches are caused by human mistakes. Often, it’s just one simple misstep that can lead to a breach.
Poor cybersecurity infrastructure
If you fail to establish a secure digital infrastructure, bad actors will surely take advantage of your poorly protected systems and try to break in.
No multi-factor authentication (MFA)
Requiring a second authentication factor prevents unauthorized access, even if the password is compromised. Without MFA, that protection is lost.
How to better protect your organization
Deploy a password manager
A business password manager is an essential tool for any organization aiming to maintain a robust security posture. With a corporate password manager, you can significantly improve your password security and reduce the risk of falling victim to a data breach.
Run cybersecurity training
Establishing comprehensive cybersecurity training that shows your employees not just how to protect your business, but why it matters, will significantly enhance your overall security posture.
Enable multi-factor authentication
Multi-factor authentication adds an extra layer of security by using two or more methods to verify a user's identity, instead of relying solely on a password. By requiring employees to provide another proof of identity, you can greatly boost your company’s cybersecurity.
Add passwordless authentication to your systems
Authopia by NordPass
Authopia is a free tool that helps companies implement passkey technology without the high development costs. It allows you to easily add a passkey widget to a login form on your website or service, making the login process faster and much more secure.
With Authopia, you can enhance your company’s security and help address the global issue of weak corporate passwords.
Get in touch
If you’d like more information about the most common password lists, or want to schedule an interview, contact us at [email protected] and we will get back to you shortly.