Article: Poor Password Practices among the World's Biggest Companies' Employees

1 Apr 2023

At 4:22 PM Eastern Daylight Time on March 30, 2023, the following blog section was written.

Study Reveals Weak Password Practices among Top Corporations Worldwide

Discover which passwords are frequently used and considered weak by industry and country. NordPass provides this data along with advice on crafting robust passwords.

It's natural to assume that the most financially successful companies have sufficient funds available for top-notch cybersecurity. Unfortunately, it seems that instead of focusing on strong password protection, these funds are allocated elsewhere. NordPass, a password management provider, recently released a report exposing the fact that a number of employees at some of the wealthiest companies are utilizing weak passwords.

The most common weak passwords used by employees

NordPass conducted a study on the top 500 companies based on their market value in 20 industries and 31 countries. The findings indicated that there was an abundance of weak and easily breakable passwords. Most of the passwords were made up of commonly used words from the dictionary and names of people and countries, along with simple combinations of letters, numbers and symbols. Shockingly, NordPass revealed that the top two worst passwords used were “password” and “123456” and were among the seven most frequently used passwords across all 20 industries.

Common Weak Passwords Used by Different Industries

There were some commonly used weak passwords that were preferred within certain professional domains. To give an instance:

About a third (32%) of the workers utilized a certain aspect associated with the organization as their passcode. A lot of accounts employed the complete title of the company, the email domain of the company, a segment of the company's name, a shortened version of the organization's name, or the name of the company's product or affiliated business as their secret word (as demonstrated in Figure A).

According to a press release from NordPass CEO Jonas Karklys, using these types of passwords can be hazardous and unsatisfactory. Hackers have prior knowledge about how frequently these passwords are used in company accounts, so they try all possible combinations. Due to the lack of interest in creating complex passwords, mainly for shared accounts, employees tend to select something extremely simple, such as the company's name.

Countries with Weak Passwords

The findings were different depending on the country. Nearly half of the feeble passwords were discovered in the United States, while 8.6% were identified in China, 5.8% in Japan, 4.2% in India, 4% in the United Kingdom, 3.8% in France, and 3.6% in Canada. Together, the remaining countries represented 22.8% of the investigation.

It's quite ironic that even though the richest companies in the world have the means to prioritize cybersecurity, they still end up using weak passwords. This could be attributed to the fact that internet users commonly have bad habits when it comes to creating and managing their passwords.