According to new data by NordPass, employees of the world's wealthiest corporations in the hospitality sector use passwords that are particularly non-secure to protect business accounts.
Despite the repeated advice from cybersecurity professionals, passwords such as “123456” and “password” still rank among the top 5 in the hospitality sector.
The top 10 passwords used in the hotel industry are shown below:
1. 123456
2. Part of the company’s name123*
3. part of the company’s name*
4. password
5. part of the company’s namecorp*
6. Hello123
7. part of the company’s name1*
8. part of the company’s name*
9. Part of the company’s name*
10. part of the company’s name1
This password specifically mentions a business. The specific company is not identified by NordPass.
According to a formal press release, it describes the format in which this password was used, such as the abbreviation of the company’s name, a portion of the name or the name coupled with other words or symbols.
Although NordPass monitors the evolution of internet users’ password patterns all year long, this year the company focused on passwords used to protect business accounts by employees of the world’s largest corporations from 31 nations.
The researchers created 20 lists of passwords for various industries.
On the one hand, it is paradoxical that the richest businesses on Earth, who have the money to spend in cybersecurity, fall prey to the lousy password trap.
On the other hand, it makes sense because internet users have ingrained bad password habits, which is only natural. According to NordPass CEO Jonas Karklys, this study offers further evidence that we should all move quickly to switch to alternate online authentication methods.
Non-secure passwords like “default”, “Hello123” and others
According to the report, employees of the biggest organisations also frequently use the passwords “password” and “123456”, which occupied the top two spots on the list of the world’s most popular passwords from the previous year.
Both of these passwords were discovered to be among the seven most used passwords across all 20 examined industries. Employees in the hotel industry chose the word “password” as their fourth most popular trend, with “123456” coming in first.
It’s interesting to note that employees of companies in the hospitality industry frequently used the passwords “default” or “Hello123”.
Other sectors also exhibited creativity. Employees in the consumer goods industry rank “dummies” sixth, “sexy4sho” 16th, and “snowman” 11th in terms of password strength.
Common sources of password inspiration
Dictionary terms, names of people and places, and straightforward combinations of numbers, letters, and symbols make up the majority of passwords presented in the research, just like with regular internet users.
The remaining 32%, though, reveal a different, intriguing pattern. Employees of the richest corporations in the world adore passwords that explicitly include or subtly allude to the name of a certain business.
Common sources of inspiration include the whole company name, the firm’s email domain, a portion of the company name, an abbreviation of the company name, and the name of a company product or subsidiary.
Such passwords are quite well-liked among staff in the hospitality industry.
Using these passwords is risky and poor practice. Because they are aware of how popular certain password combinations are, hackers attempt all of them while trying to access company accounts.
Especially for shared accounts, employees frequently shy away from using difficult passwords. As a result, according to Karklys, they settle on something so straightforward as the firm name.
A broad representation of countries and sectors
The investigation of the passwords for the wealthiest corporations in the world was done in collaboration with independent outside specialists who have a focus on studying cybersecurity problems.
They examined the 500 largest corporations in the world according to market capitalisation, which represented 31 nations and 20 industries.
The nations with the highest representation in this study were the US (46.2%), China (9.6%), Japan (5.8%), India (4.2%), the UK (4%), France (3.8%), and Canada (3.6%), an official statement notes.
Additionally, the majority of the businesses examined belonged to the financial, technology and IT, and health-care industries.
Inevitably, passwords as a concept will expire
The research adds to a number of password-related research initiatives that NordPass has completed throughout the years.
The company analysed the password practices of Fortune 500 corporations in 2021, and senior corporate executives were the focus of a follow-up investigation in 2022.
Additionally, NordPass releases its “Top 200 Most Common Passwords” survey each year, which reflects the general trends in password usage among internet users.
Although password usage patterns vary slightly from audience to audience each year, the overall consensus is that consumers consistently struggle with password management and that new online authentication technologies, like passkeys, are urgently needed.
Passkey technology has already been embraced by a number of forward-thinking companies, including Google, Microsoft, Apple, PayPal, KAYAK, and eBay, which now provide passwordless access to their consumers.
Karklys predicts that other internet businesses will quickly begin to adopt this pattern. As a result, NordPass has created a way to store customer passkeys and is creating a tool so that companies can quickly add passkey support to their websites.
Recommendations for protecting business accounts
Theft or compromised credentials continued to be the most frequent reason for a data breach in businesses in 2022, accounting for 19%, according to an IBM analysis. Businesses might prevent a lot of cybersecurity issues, according to Karklys, by putting in place a few cybersecurity measures:
1. Ensure that business passwords are robust. At least 20 upper- and lower-case letters, digits, and special characters should be randomly combined to form them.
2. Enable single sign-on or multi-factor authentication. Single sign-on feature lets customers maintain fewer passwords while MFA set-up on a different device coupled with email or SMS codes guarantees an additional degree of security.
3. Consider carefully who you give account credentials to. Access rights must to be taken away from departing employees and only given to those who truly require them.
4. Use a password manager. Businesses may securely store all of their passwords in one location, distribute them around the company, guarantee their security, and efficiently control access privileges with the help of a business solution.
Methodology
The list of bad passwords was created in collaboration with a different business that specialises in investigating cybersecurity incidents. Researchers looked at information that was relevant to the 500 largest corporations in the world according to market capitalisation.
The data that was analysed was divided into 20 distinct industries. The top 20 passwords used in each industry were investigated by the researchers.
Inform your staff about safe password practices and any risks – employees must remember to keep their personal and professional accounts separate. This guarantees that, in the event of a breach, both your personal identity and any information pertaining to your employer will be secured.
Consumer-facing hacks may affect more than just individual accounts; they may also expose the company.
Through the reuse of credentials across personal and commercial accounts, data breaches like this one can have a cascading effect on numerous organisations.