Even Fortune 500 businesses have poor password hygiene

Passwords
(Image credit: Shutterstock)
Audio player loading…

When it comes to password hygiene and security, even Fortune 500 (opens in new tab) businesses don't use secure passwords according to new research from NordPass (opens in new tab).

To compile it's new Fortune 500 password study (opens in new tab), the researchers at the password management company analyzed data from public third-party breaches that affected Fortune 500 companies. In total, they analyzed data from over 15m breaches across 17 different industries to find the top 10 passwords used in each industry, the percentile of unique passwords and the number of data breaches affecting each industry.

While using simple passwords poses a risk to all users, businesses and their employees have a lot more to lose from reusing passwords across their online accounts. Back in February for instance, a water treatment facility (opens in new tab) in Florida had a serious security breach due to the fact that it was still using Windows 7 (opens in new tab) with no firewall (opens in new tab) and all of its employees shared the same TeamViewer (opens in new tab) password.

Security expert at NordPass, Chad Hammond provided further insight on how weak employee passwords can jeopardize an organization's entire business, saying: 

“Businesses and their employees have a duty to protect their customers’ data. A weak password of one employee could potentially jeopardize the whole company if an attacker used the breached password to gain access to sensitive data.” 

Poor password hygiene

According to NordPass' research, the top password in the retail and ecommerce, energy, technology, financial services, agriculture, media and advertising, hospitality, human resources and real estate industries is “password”. While “123456” is the most popular password in telecommunications and healthcare, many other industries simply use their “company name” as their password.

Simple passwords can easily lead to data breaches and according to a report (opens in new tab) from IBM, the average global cost of a data breach (opens in new tab) is now at $3.86m. However, a data breach in the healthcare industry costs much more at $7.13m and data breaches at US-based companies now cost an average of $8.64m.

To improve password hygiene at businesses, NordPass recommends that they create complex and unique passwords using a password generator (opens in new tab) or password manager (opens in new tab), use multi-factor authentication (opens in new tab) and educate their employees on the risks of using simple password for their work and personal accounts.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.