Cybersecurity Report Calls Out CEOs For Using Shockingly Weak Passwords
It’s not hard to see why Apple, Google, and Microsoft are pushing passwordless logins when cybercriminals are able to leverage malware and phishing attacks to steal passwords. However, bad actors don’t need to actually steal them when their victims use simple, easy-to-guess passwords. Unfortunately, those sorts of passwords are quite common, leaving a great many user accounts virtually unprotected. While you might think that executives would have better cybersecurity practices and employ strong, unique passwords, it turns out that a great many high-ranking execs use laughably weak passwords.
NordPass recently worked with independent cybersecurity researchers to assemble a list of passwords used by CEOs, C-level executives, business owners, and managerial-level team members. The resulting list was topped by an assortment of pitiful passwords used in large numbers. According to NordPass, “The study reveals that passwords such as 123456, password, and 123456789, are as popular among high-ranking executives as they are among ordinary internet users.”
The chart above shows the 20 most commonly used passwords among business executives and may induce nervous laughter. The usual suspects, like “password” and “12345,” as well as a number of variations, are present here. That said, our favorite is “welcome,” as it ironically functions as a warm welcome to anyone who would like to gain access to the account it is “protecting.” Other notable mentions beyond the top 20 are “Switzerland” at 31st most common and “temppass” at 48th. It seems that “temppass” isn’t always as temporary as it might suggest.
NordPass highlighted the fact that many business executives also use common names, such as Tiffany, Charlie, Michael, and Jordan. NordPass also found animals and mythical creatures to be fairly common, with “Dragon” and “monkey” being among the most highly used animal-themed passwords. Single-word passwords like these can take under a second to crack using a brute-force attack, so we implore everyone, not just business executives, to use unique multi-word passphrases with some numbers and special characters thrown in.
A password manager is indispensable in this regard, as most of us have too many accounts to be capable of remembering a unique complex password for each one. Most password managers also come with built-in password generators, so you don’t need to think up a sufficiently strong password for every account.
Password managers worth using are end-to-end encrypted (E2EE), so you don’t have to worry about your passwords being exposed in a data breach or swiped by a rogue employee. NordPass is a cloud-based password manager, but there are also offline password managers like KeePassXC. If open source software is your thing, Bitwarden offers a password manager with cloud storage, but users can opt to self-host the Bitwarden vault on servers of their own.
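
The passphrase and password-generator advice above, shown as an added Python example (not code from NordPass or the original article): it rejects the weak passwords the article names and builds a multi-word passphrase with a digit and a symbol. The function names, the 16-word sample list, the symbol set and the 7776-word list size used in the entropy comparison are assumptions made for illustration.

```python
import math
import secrets

# Weak passwords named in the article, used as a small denylist.
DENYLIST = {
    "123456", "password", "123456789", "12345", "welcome", "switzerland",
    "temppass", "tiffany", "charlie", "michael", "jordan", "dragon", "monkey",
}

# Constructed 16-word sample list so the example runs offline. A real
# generator needs a large list, e.g. a diceware-style list of 7776 words.
WORDS = [
    "amber", "bison", "cedar", "delta", "ember", "fjord", "glyph", "heron",
    "ivory", "jolly", "koala", "lunar", "maple", "nylon", "otter", "plume",
]
SYMBOLS = "!@#$%^&*"


def is_denylisted(password: str) -> bool:
    """Case-insensitive match against the known-weak list."""
    return password.casefold() in DENYLIST


def generate_passphrase(n_words: int = 5, wordlist=WORDS) -> str:
    """Random words joined by '-', then one digit and one symbol (CSPRNG)."""
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    return "-".join(words) + str(secrets.randbelow(10)) + secrets.choice(SYMBOLS)


def passphrase_bits(n_words: int, wordlist_size: int, suffix: bool = True) -> float:
    """Entropy in bits when every part is chosen uniformly at random."""
    bits = n_words * math.log2(wordlist_size)
    if suffix:
        bits += math.log2(10) + math.log2(len(SYMBOLS))
    return bits


if __name__ == "__main__":
    for candidate in ("Dragon", "temppass", generate_passphrase()):
        print(f"{candidate!r}: denylisted={is_denylisted(candidate)}")
    # One word vs. five words from a 7776-word list (no digit/symbol suffix).
    print(f"1 word : {passphrase_bits(1, 7776, suffix=False):.1f} bits")
    print(f"5 words: {passphrase_bits(5, 7776, suffix=False):.1f} bits")
```

The entropy figure only holds when the words are picked at random by the generator; a phrase a person chooses is far more guessable than the bit count suggests.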