CEOs and other top executives use the same terrible passwords as other people

midian182

Posts: 7,882   +81
Staff member
Facepalm: It's common knowledge that most people still use comically bad passwords, but surely CEOs, high-level executives, and business owners don't think the likes of "123456" is the kind of code that will keep their accounts secure? According to a new report, many of them do.

Password manager NordPass, with the help of cybersecurity researchers, analyzed over 290 million data breaches worldwide to put together a list of passwords used by business executives. These included company CEOs, C-level execs (CTOs, CFOs, etc.), business owners, and management.

It turns out that these high-fliers aren't so different from the general public: "123456" and "password" were the number one and number two most popular passwords, respectively. That first string was also the most common password among everyday users last year, estimated to have been used over 103 million times.

It also seems that many top executives like to insert names in their passwords, with "Tiffany" (100,534), "Charlie" (33,699), and "Michael" (10,647) the most popular. A report from February showed that names were the second most-hacked category of password.

Execs also like to use animals—real and mythological—in their passwords, with "Dragon" used 11,926 times and "Monkey" in a close second place (11,675). Animals was the third most-hacked category of password.

Corporate data breaches happen all the time. According to a Verizon Data Breach Investigations Report (DBIR), 80% of them are the result of weak and easy-to-crack passwords. And hackers getting into high-level executive accounts can spell disaster for a company.

Other leading causes of data breaches are just as avoidable: reusing and sharing passwords, phishing attacks, and human error. They can also be due to a company's poor cybersecurity infrastructure. NordPass recommends using a password manager, enabling multi-factor authentication, and introducing more staff training to help avoid such incidents.

h/t: IFL Science

 

QuantumPhysics

Posts: 6,308   +7,247
No one wants to be forced to remember a combination of letters, numbers and case sensitivity. They will obviously pick the easiest thing to remember.
 

wiyosaya

Posts: 7,694   +6,633
When most companies/web sites/etc., are still using the old recommendations for passwords and not the new ones clearly explained here - https://www.isaca.org/resources/isa...ok-updated-guidelines-offer-benefits-and-risk
I have no doubt that CEOs are using dumb, easy to guess passwords. IMO, this speaks to the fact that most "security IT experts" are simply not experts in the real sense of the word. Furthermore, that CEOs use easy to guess passwords simply speaks to the intelligence of CEOs.
 

nodfor

Posts: 236   +432
Our minister for public safety used for account name minister and password 123456

That didn't really seem safe. But he had excellent advice on how to deal with burglars - pretend that you are asleep to avoid confrontation. That was some sound advice. But there were no instructions given on what to do if the burglars started assaulting you - maybe shout 123456?
 

Carlos GarPov

Posts: 113   +70
They have their minds on so many things that they need something simple to remember. I guess they should have a password encrypter/administrator (someone to help them out with this), but not knowing what the actual passkey is.
 

p51d007

Posts: 3,149   +2,652
Good lord...how hard is it to use an encrypted password manager or store an encrypted file with your passwords?
 

FaTaL

Posts: 78   +119
This article is a crock. Every corporation I've worked for has had tighter password requirements than these top 50.... Must have upper case, > 8 characters, must contain alphanumeric + 1 special character.

Wtf did they survey? The hicks in North Dakota?
 

Steveb8189

Posts: 74   +80
This article is a crock. Every corporation I've worked for has had tighter password requirements than these top 50.... Must have upper case, > 8 characters, must contain alphanumeric + 1 special character.

Wtf did they survey? The hicks in North Dakota?

It's not a survey, it's just analysis from breached password lists. Unlikely many of the sources will be corporate accounts. CEOs also use LinkedIn, Facebook etc. too, you know?