A recent cybersecurity report shows how immensely idiotic many CEOs and business owners can be, considering the strength of their chosen account passwords. Imagine entrusting the livelihood of hundreds, even thousands of employees to someone who uses '123456' or 'qwerty' as a password.
Prepare yourself for a long-ass facepalm, people—this one's a doozy.
The research comes from NordPass password manager (via IFLScience), which identified back in 2020 that the general public's most commonly used passwords were sequential numbers like '123456', 'picture1', and yep, you guessed it: 'password'.
The more recent research sample consists of 290 million cybersecurity data breaches around the globe, and denotes the job level of those affected. Turns out, when it comes to CEOs and other high-ranking business execs, their password choices are much the same as the general public's, although many often feature names. Tiffany was spotted in 100,534 breaches; then there was Charlie with 33,699; Michael was found 10,647 times; and Jordan, 10,472 times.
The report also ranks mythical creatures and animals as some of the top passwords to have been cracked in data breaches. 'Dragon' was spotted 11,926 times, and 'monkey' comes in at 11,675.
I spoke to an IT support engineer we'll call Mr. Smith, who recommends that companies should consider handing out randomly generated passwords as new accounts are created. "Arguably the strongest passwords are 3 random words, something that you can make a story about in your head to help you remember," he says.
That's something we've preached in the past, and it's something the UK's National Cyber Security Centre recommends, too.
Right now, Smith is working on a more complex password generator that encourages story elements to make them more memorable. Imagine getting a password featuring a word combo like SturgeonOfLoathing, ObligingAardvark, or SpellboundFalcon... of course you're going to remember it.
Using these kinds of generators in a business IT department means everyone gets a fun password that's harder to crack, and because it's memorable, people are less likely to change it to something stupid like 'dragon'.
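A sketch of the kind of generator described above, as an added example (not Smith's tool and not code from the original article): it picks one word per slot with Python's `secrets` module, rejects the breached choices the article lists, and reports how many bits of entropy the word lists actually provide. The word lists, function names, the `min_bits` floor and the 7,776-word comparison size are assumptions for illustration; the lists are constructed and far too small for real use.

```python
import math
import secrets

# Constructed sample lists (assumption): 8 words per slot is far too few
# for real use; load thousands of words per slot in a deployment.
ADJECTIVES = ["Obliging", "Spellbound", "Grumpy", "Velvet",
              "Restless", "Amber", "Hollow", "Nimble"]
NOUNS = ["Aardvark", "Falcon", "Sturgeon", "Lantern",
         "Glacier", "Walrus", "Anvil", "Thistle"]
VERBS = ["Juggles", "Whispers", "Gallops", "Knits",
         "Yodels", "Drifts", "Ponders", "Tumbles"]
DEFAULT_SLOTS = (ADJECTIVES, NOUNS, VERBS)

# Passwords and names the article reports seeing in breach data.
BLOCKLIST = {"123456", "qwerty", "picture1", "password", "tiffany",
             "charlie", "michael", "jordan", "dragon", "monkey"}


def entropy_bits(*list_sizes):
    """Entropy in bits when one word is drawn uniformly from each list."""
    return sum(math.log2(n) for n in list_sizes)


def is_blocklisted(password):
    """Case-insensitive match against known-breached choices."""
    return password.lower() in BLOCKLIST


def generate_passphrase(slots=DEFAULT_SLOTS, min_bits=0.0):
    """Return (passphrase, bits), one CSPRNG-chosen word per slot."""
    # De-duplicate first: repeated words would inflate the entropy estimate.
    unique = [sorted(set(words)) for words in slots]
    bits = entropy_bits(*(len(words) for words in unique))
    if bits < min_bits:
        raise ValueError(f"word lists give {bits:.1f} bits, need {min_bits}")
    while True:
        # secrets uses the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(words) for words in unique)
        if not is_blocklisted(candidate):
            return candidate, bits


if __name__ == "__main__":
    phrase, bits = generate_passphrase()
    print(f"{phrase}  ({bits:.0f} bits from the toy lists)")
    # Three draws from a 7,776-word list (size is an assumption) for comparison.
    print(f"{entropy_bits(7776, 7776, 7776):.1f} bits")
```

The strength comes from the size of the lists and the randomness of the draw, not from how unusual the words look: the toy lists here allow only 512 combinations, so a real deployment needs much larger lists and a sensible `min_bits` floor.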
The research is pretty worrying, and makes it painfully clear that most data breaches don't happen because of some profound cyber hacking initiative; around 80% are down to stupid people making stupid-ass passwords (Verizon).
It also makes you wonder... Does the boss even go to those 'mandatory' cybersecurity training meetings we get so many emails about?