10 worst passwords chosen by employees
April 2, 2012 by Sam Narisi
Staff in the finance department work with a lot of sensitive information. Are your employees choosing secure passwords to protect that data? Probably not, according to a recent study.
The most common password employed by business users: “Password1.”
That’s from a recent study conducted by IT security firm Trustwave. As part of its Global Security Report for 2012, a comprehensive study of IT security issues, Trustwave analyzed more than 2.5 million passwords culled from clients’ Windows Active Directory servers.
The reason that password is so common? It’s the easiest way to meet Microsoft’s default password complexity requirements. Those settings require passwords to be at least six characters long and contain three out of the five character types (lowercase letters, capital letters, numbers, non-alphanumeric characters, and Unicode characters).
The 10 most common passwords Trustwave discovered include many that meet those requirements without being very secure at all:
- Password1
- welcome
- password
- Welcome1
- welcome1
- Password2
- 123456
- Password01
- Password3
- P@ssw0rd
When passwords like these are used, hackers or malicious insiders can easily guess them and gain access to a wealth of sensitive financial information and other data. What can be done about it?
Finance leaders can work with their companies’ IT departments to develop appropriate password policies for employees who work with sensitive data. IT can also implement technical controls that require password complexity beyond Microsoft’s default requirements.
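To see why the default rule lets these passwords through, the following added example (not from the article or from Trustwave) models the complexity rule as described above and runs it over the ten listed passwords, then applies one possible stricter control. The denylist check, the substitution table and the function names are assumptions chosen for illustration.

```python
import string

# The ten passwords listed in the article.
TOP_TEN = ["Password1", "welcome", "password", "Welcome1", "welcome1",
           "Password2", "123456", "Password01", "Password3", "P@ssw0rd"]

def char_classes(pw):
    """Character types present, using the five types named in the article."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch.isalpha():
            classes.add("unicode")  # alphabetic but without upper/lower case
        else:
            classes.add("symbol")
    return classes

def meets_default_rule(pw):
    """Rule as the article states it: six or more characters, three of five types."""
    return len(pw) >= 6 and len(char_classes(pw)) >= 3

# Assumed stricter control: undo common character substitutions, drop trailing
# digits and symbols, then compare the remaining base word to a denylist.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})
BANNED_BASES = {"password", "welcome"}  # constructed from the article's list

def base_word(pw):
    core = pw.rstrip(string.digits + string.punctuation)
    return core.translate(LEET).lower()

def passes_stricter_policy(pw):
    base = base_word(pw)
    if not base or base in BANNED_BASES:  # empty base means digits/symbols only
        return False
    return meets_default_rule(pw)

def audit(passwords):
    """Return (password, passes default rule, passes stricter policy) rows."""
    return [(p, meets_default_rule(p), passes_stricter_policy(p)) for p in passwords]

if __name__ == "__main__":
    # "Quarterly-Ledger-47" is a constructed sample, not from the study.
    for row in audit(TOP_TEN + ["Quarterly-Ledger-47"]):
        print("%-20s default=%-5s stricter=%s" % row)
```

Six of the ten passwords satisfy the default rule, while the base-word check rejects all ten, including variants with a different trailing number.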

