Support 1300 669 220

Most People Use the Same 3 (Weak) Passwords for Everything

How many different passwords are your employees using in the workplace? Believe it or not, they’re likely to be sharing the same three between all their accounts – and they’re incredibly easy to hack. 

Hands up. How many of us are using ‘123456’ as our password? 

It’s probably a lot more than you may think. In fact, this is the number 1 most common password used in Australia, with more than 300,000 accounts being protected with this simple sequence. It’s estimated that the average hacker could compromise this password in less than one second! 

Coming in a close second – and also taking criminals under a minute to hack – is ‘password’, used to secure almost 200,000 accounts. And while the third-place runner-up takes a little longer to figure out – around three hours – nearly 100,000 Australians are using the name of the popular Newcastle music venue Lizotte’s to try and keep their valuable and confidential data safe and secure. 

What’s the problem?

The big concern with your employees using the same password for everything is that, should criminals be able to hack into one system, they then have exactly what they need to gain access to all the other systems secured with that same password. The weaker that password is, the quicker the account can be compromised, and the faster you can wave goodbye to your data. 

Instead, employees should be encouraged to create unique passwords for each system, app, tool, website, and account they access from the workplace. And ideally, these passwords should be strong and secure, making them more challenging for criminals to uncover. Employees should avoid…

  • Repeated characters
  • Numeric sequences
  • Passwords under 14 characters
  • Passwords without special characters
  • Names, locations, dates
  • Brand names 

An extra layer of security

Employees shouldn’t be using these passwords, or any passwords that can easily be compromised. However, while we can train staff and ensure they understand the risks, we can’t always be sure they’re following the rules. That’s why you should consider multi-factor authentication. 

If your software systems offer this, it means employees will need to input two forms of credentials to gain access to their accounts. Typically, this will be a password followed by a one-time code sent to their email address, although fingerprint scanning is becoming more common. It means that even if a password is compromised, criminals shouldn’t be able to bypass that second layer of security. 

Why are we still using basic passwords?

If these sorts of passwords are so easy to guess, why do so many people still use them?

Well, it’s obvious – convenience!

During the average workday, an employee may need to log in to their computer, sign in to all the tools they expect to use throughout the day, and potentially even gain access to personal accounts to manage finances, or buy a bus ticket home. If you’ve got 10 different systems and apps that need to be accessed regularly, it’s much easier to remember something like abc123 than sS7*u!#342$MnB.
Fortunately, there is a solution: password managers. These tools generate and store strong, secure, and unique passwords for each different website or app. Download our password manager guide to find out more about strengthening your passwords, or get in touch for tailored help and support.