A compelling case to change all those finance passwords pronto

You know what makes a bad password: 12345, 11111 or even password itself! But there’s new research on the passwords that get hacked the most often. And they’re different from the usual suspects.

More importantly: This new list offers some new insight into how your people may be picking codes that lead hackers right into your company’s sensitive systems.

Check out what they discovered so you can feel confident none of your staffers are leaning on these predictable patterns when they set their safeguards.

The not-so-great 8

A security organization in the UK analyzed which passwords were most often involved in a data breach.

Here are the eight that are more likely to open the door to cyber-crooks and that you want staffers to scrub from their rotation:

• blink182
• liverpool
• superman
• manutd
• ashley
• michael
• cowboys1, and
• iloveyou.

While this data was collected in the UK, it highlights a trend as far as what people tend to pick:

• sports teams
• musicians, and
• fictional characters.

Those are categories you want to steer employees away from when creating their passwords. Because if they can think of them, so can crooks!

And there’s more reason than ever to embrace some next-level passwords.

Earlier this year the largest personal data breach in history hit. It captured:

• 772.9 million emails
• 21.2 million passwords, and
• 1.1 billion unique combinations of email addresses and passwords.

“Collection #1” attacked personal records, but if employees use the same passwords for multiple accounts, including work ones – and many folks do! – you could have been vulnerable. Plus, some folks still share their passwords with their co-workers.

They’ll keep trying ‘til they get in

Hackers can use the stolen email and password combinations to test them across all online accounts with a technique known as “credential stuffing.”

How it works: Thieves (often via botnets) keep trying every stolen email/password combo until they can get in to a system.

Whether or not any of your people were hit by Collection #1, there’s a very valuable lesson: Have every employee immediately change any company system password that they also use on a personal account.