Even Fortune 500 businesses have poor password hygiene

(Image credit: Shutterstock)

When it comes to password hygiene and security, even Fortune 500 businesses don't use secure passwords according to new research from NordPass.

To compile it's new Fortune 500 password study, the researchers at the password management company analyzed data from public third-party breaches that affected Fortune 500 companies. In total, they analyzed data from over 15m breaches across 17 different industries to find the top 10 passwords used in each industry, the percentile of unique passwords and the number of data breaches affecting each industry.

While using simple passwords poses a risk to all users, businesses and their employees have a lot more to lose from reusing passwords across their online accounts. Back in February for instance, a water treatment facility in Florida had a serious security breach due to the fact that it was still using Windows 7 with no firewall and all of its employees shared the same TeamViewer password.

Security expert at NordPass, Chad Hammond provided further insight on how weak employee passwords can jeopardize an organization's entire business, saying: 

“Businesses and their employees have a duty to protect their customers’ data. A weak password of one employee could potentially jeopardize the whole company if an attacker used the breached password to gain access to sensitive data.” 

Poor password hygiene

According to NordPass' research, the top password in the retail and ecommerce, energy, technology, financial services, agriculture, media and advertising, hospitality, human resources and real estate industries is “password”. While “123456” is the most popular password in telecommunications and healthcare, many other industries simply use their “company name” as their password.

Simple passwords can easily lead to data breaches and according to a report from IBM, the average global cost of a data breach is now at $3.86m. However, a data breach in the healthcare industry costs much more at $7.13m and data breaches at US-based companies now cost an average of $8.64m.

To improve password hygiene at businesses, NordPass recommends that they create complex and unique passwords using a password generator or password manager, use multi-factor authentication and educate their employees on the risks of using simple password for their work and personal accounts.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.