Article by
Gildas Jones

12/16/2020

Are your employees endangering your company?

Or rather, are your employees’ passwords endangering your company?

It might seem funny that people are still using passwords like “qwerty” and “123456”. But both are still – somehow – in the 25 most common passwords of 2020.

If you own a business, that’s a big problem.

Because you only need to think back to 2014, when eBay realised that 145 million of their users had their private information stolen by hackers using employee passwords. Or what happened to LinkedIn in 2016, where 165 million user accounts were compromised.

Crappy passwords can be funny. But really, they’re no joke. If your team is using them, you could be the next eBay. And not in a good way.

The 20 most common passwords for 2020

These are the kind of weak, easily guessable passwords that you need to ensure no one on your team ever even considers using. The 20 most common passwords for 2020 are:

  • 123456
  • 123456789
  • Picture1
  • password
  • 12345678
  • 111111
  • 123123
  • 12345
  • 1234567890
  • senha
  • 1234567
  • qwerty
  • abc123
  • Million2
  • 000000
  • 1234
  • iloveyou
  • aaron431
  • password1
  • qqww1122

How do I protect my business using cybersecurity?

1) Teach cybersecurity basics

Do you know if your team uses strong passwords? If you don’t, it’s time to ask. Start by ensuring that you and your team are fully acquainted with the basics. When creating a password:

  • Use a mixture of letters and symbols
  • Use a passphrase (several words together) instead of a password
  • Use different passwords for different sites

2) Give your team the training they need

Team cybersecurity training is pretty much a must for any business these days. Especially if you store any user information at all.

Because those cybersecurity breaches suffered by LinkedIn, eBay and others weren’t cost-free. Sometimes that cost was in cash. Sometimes it was in reputation. Sometimes it was in losses of future customers or current customers.

You can’t afford for your team not to have the knowledge they need to protect your business. All it takes is one weak link – one person using “onedirection” as their password (this doesn’t quite make the top 100 passwords in 2020, but it is worryingly, shockingly – horrifyingly – close) to sink your entire business’s cybersecurity efforts.

3) Use 2FA or MFA

2FA and MFA stand for “Two-Factor Authentication” and “Multi-Factor Authentication”. They’re the two industry buzzwords which geeks and tech-type people use to refer to logins which require two or more pieces of information.

This could mean things like email authentication or SMS authentication (where you get sent an email or text and need to reply to verify it’s you). It also sometimes means having a key card or key fob to log in with.

You can check out our full guide on MFA deployment and more about how to set up better passwords and MFA here.

4) Use LastPass (or another password manager)

LastPass touts itself as the world’s number one password manager and it’s not far wrong. We heartily recommend using a password “vault” such as this.

If you use it on a personal level, LastPass is free. For businesses, it starts from somewhere between £2-3 per user. That’s an absolute steal. And it will ensure that when it comes to your passwords, no one can steal yours.

Do you need to teach proper cybersecurity to your team?

Dial A Geek can help. Nearly 1000 businesses in and around Bristol already trust us with their cybersecurity. Let’s chat about yours. Book a meeting with our director Gildas Jones by clicking on this link to his bookings calendar.