A recent cybersecurity report shows how immensely idiotic many CEOs and business owners can be, considering the strength of their chosen account passwords. Imagine entrusting the livelihood of hundreds, even thousands of employees to someone who uses ‘123456’ or ‘qwerty’ as a password.
Prepare yourself for a long-ass facepalm, people—this one’s a doozy.
The research comes from the NordPass password manager (via IFLScience), which identified back in 2020 that the general public’s most commonly used passwords included sequential numbers like ‘123456’, along with ‘picture1’ and, yep, you guessed it: ‘password’.
The more recent research sample consists of 290 million cybersecurity data breaches around the globe, and denotes the job level of those affected. Turns out, when it comes to CEOs and other high-ranking business execs, their password choices are much the same as the general public, although many often feature names. Tiffany was spotted in 100,534 breaches; then there was Charlie with 33,699; Michael was found 10,647 times; and Jordan, 10,472 times.
The report also ranks mythical creatures and animals as some of the top passwords to have been cracked in data breaches. ‘Dragon’ was spotted 11,926 times, and ‘monkey’ comes in at 11,675.
I spoke to IT support engineer Ash Smith, who recommends that companies should consider handing out randomly generated passwords as new accounts are created. “Arguably the strongest passwords are 3 random words, something that you can make a story about in your head to help you remember,” he says.
That’s something we’ve preached in the past, and it’s something the UK’s National Cyber Security Centre recommends, too.
Right now, Ash is working on a more complex password generator that encourages story elements to make them more memorable. Imagine getting a password featuring a word combo like SturgeonOfLoathing, ObligingAardvark, or SpellboundFalcon… of course you’re going to remember it.
Using these kinds of generators in a business IT department means everyone gets a fun password that’s harder to crack, and because it’s memorable, people are less likely to change it to something stupid like ‘dragon’.
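Here is a sketch of the three-random-words idea, added as an example for this article and not Ash Smith's generator or any NordPass code. The word list is constructed and deliberately tiny, the 7776-word figure is an assumed list size for comparison, and all function names are hypothetical; it also estimates entropy and rejects the weak passwords named above when a user tries to switch to one.

```python
import math
import secrets

# Constructed demo wordlist (assumption). 32 words is far too few for real
# use; a deployment would load several thousand words from a vetted list.
DEMO_WORDS = """anchor badger candle dolphin ember falcon glacier harbor
igloo jigsaw kettle lantern meadow nutmeg orchid pebble quiver raven
saddle thistle umbrella violin walnut yonder zephyr acorn bramble
cobalt drizzle fennel gazebo hammock""".split()

# Weak passwords named in the article, lower-cased, as a sample denylist.
ARTICLE_DENYLIST = {"123456", "qwerty", "picture1", "password", "dragon",
                    "monkey", "tiffany", "charlie", "michael", "jordan"}

def entropy_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy in bits when each word is drawn uniformly and independently."""
    return n_words * math.log2(wordlist_size)

def words_needed(wordlist_size: int, target_bits: float) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def pick_words(words, n_words=3):
    """Draw n_words with the OS CSPRNG (secrets), never the random module."""
    pool = sorted({w.lower() for w in words})  # de-duplicate so draws stay uniform
    if len(pool) < 2:
        raise ValueError("wordlist too small")
    return [secrets.choice(pool) for _ in range(n_words)]

def generate_passphrase(words, n_words=3):
    """Join the picks in the CamelCase style the article shows."""
    return "".join(w.capitalize() for w in pick_words(words, n_words))

def is_denied(candidate: str) -> bool:
    """Reject a user-chosen replacement that is on the denylist."""
    return candidate.lower() in ARTICLE_DENYLIST

if __name__ == "__main__":
    print(generate_passphrase(DEMO_WORDS))
    print(f"demo list, 3 words: {entropy_bits(len(DEMO_WORDS), 3):.1f} bits")
    print(f"7776-word list, 3 words: {entropy_bits(7776, 3):.1f} bits")
    print("words for 64 bits from 7776:", words_needed(7776, 64))
    print("'Dragon' denied:", is_denied("Dragon"))
```

The strength comes from the size of the list and the number of words drawn, not from how odd the words look, which is why the 32-word demo list yields only 15 bits for three words.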
The research is pretty worrying, and makes it painfully clear that most data breaches don’t happen because of some profound cyber hacking initiative; around 80% are down to stupid people making stupid-ass passwords (Verizon).
It also makes you wonder… Does the boss even go to those ‘mandatory’ cybersecurity training meetings we get so many emails about?