Get access to hundreds of financial resources as an RFP INSIDER

Learn More

Resourceful Finance Pro

A compelling case to change all those finance passwords pronto

Jennifer Azara
By: Jennifer Azara

About the Author

Jennifer has covered business and finance for more than 24 years. She has written for CFOs, credit and collections professionals and accounts payable practitioners and has spoken at industry conferences on sales and use tax compliance.

Show Less
Last Updated: May 24, 2019
2 minute engagement

You know what makes a bad password: 12345, 11111 or even password itself! But there’s new research on the passwords that get hacked the most often. And they’re different from the usual suspects.

More importantly: This new list offers some new insight into how your people may be picking codes that lead hackers right into your company’s sensitive systems.

Check out what they discovered so you can feel confident none of your staffers are leaning on these predictable patterns when they set their safeguards.

The not-so-great 8

A security organization in the UK analyzed which passwords were most often involved in a data breach.

Here are the eight that are more likely to open the door to cyber-crooks and that you want staffers to scrub from their rotation:

  • blink182
  • liverpool
  • superman
  • manutd
  • ashley
  • michael
  • cowboys1, and
  • iloveyou.

While this data was collected in the UK, it highlights a trend as far as what people tend to pick:

  • sports teams
  • musicians, and
  • fictional characters.

Those are categories you want to steer employees away from when creating their passwords. Because if they can think of them, so can crooks!

And there’s more reason than ever to embrace some next-level passwords.

Earlier this year the largest personal data breach in history hit. It captured:

  • 772.9 million emails
  • 21.2 million passwords, and
  • 1.1 billion unique combinations of email addresses and passwords.

“Collection #1” attacked personal records, but if employees use the same passwords for multiple accounts, including work ones – and many folks do! – you could have been vulnerable. Plus, some folks still share their passwords with their co-workers.

They’ll keep trying ‘til they get in

Hackers can use the stolen email and password combinations to test them across all online accounts with a technique known as “credential stuffing.”

How it works: Thieves (often via botnets) keep trying every stolen email/password combo until they can get in to a system.

Whether or not any of your people were hit by Collection #1, there’s a very valuable lesson: Have every employee immediately change any company system password that they also use on a personal account.

 

Filed under

Free Training & Resources

White Papers

From Surviving to Thriving: Transforming Nonprofit FinanceStrategy

Webinars

From Data Entry to Data Engine: How AP Automation Fuels Smarter Decisions

White Papers

How Expanding Cost Drivers are Rewriting the CFO’s Healthcare Playbook

On-Demand Webinar, White Papers

AP Fraud on the Rise: How to Stay Ahead in 2025

Resources

Further Reading

Take Back Your Time: 4 Strategies to Say No When The Ask is Too Much

Finance pros always have a lot going on. It comes with the territory. So you sometimes need to say no to demands for your time. Man...

Don’t let a complainer turn a meeting sour: Gripers need to know the boundaries

Whether it’s a big meeting or a quick huddle, the last thing you need is someone turning it into a personal gripefest. Negative or ...

CEOs Are Leaning Toward a Hiring Spree

Looks like AI won’t be taking the place of all those vacant jobs after all. CEOs at bigger companies — some who laid off a lot ...

Companies Under Pressure to Ditch DEI

Some of the biggest companies are ending their diversity, equity and inclusion (DEI) initiatives — and doing so quickly. Brown-Fo...

When Will the Layoffs End? Well …

CFOs intend to continue cutting costs and boosting efficiency in every area possible through 2024 and probably well into 2025. And unfortun...

Passphrases secure, but hard to remember: Should they be your password policy?

Cybercriminals who are out to steal your company’s money are getting smarter. Even a password that uses a capital letter, at least one nu...

Privacy Policy | Terms of Service
Copyright© 2026 Rover Insights