New research by NordPass points to a common but alarming issue with automotive sector employee passwords used to secure business accounts.
Employees of the world’s biggest companies from 31 countries tend to use very poor passwords, as NordPass discovered when it exposed 10 of the most commonly used passwords in the sector. NordPass’ researchers managed to compile 20 industry-specific password lists based on their data.
“While cybersecurity experts repeatedly urge businesses to take better care of corporate accounts, passwords such as ‘123456,’ ‘12345,’ and ‘password’ still make it to the top of the automotive industry’s list,” said NordPass in a news release.
Common passwords include: 123456, 12345, password, aaron431, 123456789, 1234, 12345678, and some variation of the company’s email domain.com — such as an abbreviation of the company’s name, part of the name, or the name combined with other words or symbols.
“On one hand, it is a paradox that the wealthiest companies on the planet with financial resources to invest in cybersecurity fall into the poor password trap,” said NordPass CEO Jonas Karklys in a statement. “On the other hand, it is only natural because internet users have deep-rooted unhealthy password habits.”
Karklys said the research points to a need for companies to speed-up the transition to alternative online authentication solutions. Research shows that employees of the world’s wealthiest companies lean more towards using the full company name, the company’s email domain, part of the company’s name, an abbreviation of the company name, and/or the company product or subsidiary name.
“These types of passwords are both poor and dangerous to use,” said Karklys in a statement. “When breaking into company accounts, hackers try all the password combinations referencing a company because they are aware of how common they are.”
Karklys suggests ensuring company passwords are strong and that employees enable multi-factor authentication or single sign-on. Employers should also evaluate which employees should be granted account credentials, immediately remove access privileges from people leaving the company, and deploy a password manager.