Businesses still haven’t stopped using weak passwords, and it’s getting super risky

Businesses still haven’t stopped using weak passwords, and it’s getting super risky

Published on April 3, 2025 | Category: tech

Businesses still haven’t stopped using weak passwords, and it’s getting super risky

News
By Benedict Collins published

'Password', '123456', and 'secret' are still being used

A sticky note on a laptop reading "password 12345678"
(Image credit: Getty Images)
  • Businesses still haven't stopped using easily crackable passwords
  • Germany, the US, and China suffer the most password breaches
  • 123456, password, and qwerty are still being used in 2025

Many businesses are still using weak passwords that can be cracked in less than a second in the event of a brute force attack to secure their accounts, new research from one of the best password managers, NordPass, has found.

Passwords such as ‘123456’, ‘secret’, and even ‘password’ are being used by thousands of businesses across the world, resulting in easy picking for hackers.

The research also found Germany was top in the world for password breaches, with 582,067 incidents, closely followed by the US with 502,435, and China at 448,375.

The password is ‘password’

NordPass’ research used a 2.5 terabyte database compiled from numerous publicly available data sets, including some from the dark web that covered 11 industries.

For enterprise, the most common password in the database was ‘123456789’ with 378,182 uses, followed by the much easier to remember ‘123456’ with 356,341 uses, and just to round it all out ‘12345678’ comes in third with 145,688 uses.

Small and medium businesses don’t fare much better, with ‘123456’ topping the list for both with a total of 852,861 across both business sizes. Other classic passwords such as ‘qwerty123’, ‘abc123’, and ‘iloveyou’ also appear on the list, taking less than one second to crack.

Interestingly, the 28th most used password in NordPass’ dataset was ‘TimeLord12’, possibly suggesting that an IT worker with a love for Peter Capaldi’s work as the twelfth Doctor in Doctor Who was in charge of creating over 30,447 accounts that were later exposed.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

NordPass also found many users who didn’t use the most common passwords would often use their own email address as their password, making it fairly easy for an attacker to crack their accounts. Names were also a common inclusion in the database, suggesting that employees were using their own names as a password.

A padlock resting on a keyboard.

(Image credit: Passwork)

If you’ve seen your password somewhere in this article or in NordPass’ research, it might be time to change it to something more secure, lest you be responsible for a breach.

In order to better protect corporate accounts, businesses should put in place password creation rules that make it harder to use simple passwords that can be easily cracked. NordPass also offers a business password manager tier to help businesses generate and store passwords securely.

Businesses should also implement two-factor authentication when signing in to accounts to help verify that the person accessing the account is a legitimate user, and not a crook with stolen credentials. Businesses can also switch over to using passkeys, which use secure authentication to log in without the need to remember complex passwords.

You might also like

  • These are the best password managers for families
  • Take a look at our guide to the best parental control apps
  • Google is going to let you transfer your passkeys to a new phone
Benedict Collins
Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security

Why you should replace your Kaspersky antivirus

Android phone malware

Dodgy Android smartphones are being preloaded with Triada malware

Latest
Samsung QN90F seen from an angle showing image of soup bowl

Samsung is being weirdly cagey about supporting Netflix's big HDR upgrade that's basically custom-made for its TVs

See more latest
Most Popular
Samsung QN90F seen from an angle showing image of soup bowl
Samsung is being weirdly cagey about supporting Netflix's big HDR upgrade that's basically custom-made for its TVs
JetKVM, KVM over IP module
JetKVM is an exciting, tiny open source KVM over IP module that sold almost 100,000 units and it even has a rare RJ11 port
Why you should replace your Kaspersky antivirus
Mario Kart World
The Nintendo Switch 2 will feature DLSS and ray tracing, but we don't know which games support it
Apple Watch Ultra 2 on wrist showing a timer
Apple patents motion-predicting technology that can count reps and identify exercises during a workout
Sergii Figurnyi
Tuta Mail could soon be your default iOS mail app – but only after filing a complaint against Apple
Android phone malware
Dodgy Android smartphones are being preloaded with Triada malware
Start windows 11 button on computer menu screen close up view
Do I really need antivirus for Windows 11?
V-Copter Falcon Mini drone in flight above a road in a forest
This unique bi-copter drone could actually disrupt DJI's drone dominance – and now we know its tempting price tag
Operators battle it out on the Fortnite OG
The Nintendo Switch 2 is backward compatible but a ton of original Switch games have 'start up' and 'compatibility' issues

Share on Twitter Share on Facebook Share on LinkedIn

Related Articles

Spotify is about to be flooded with AI-made ads, and I wonder if it will make much of a difference to businesses

Spotify’s new AI-powered ad tool may not be the solution they claim....

Read More
CinemaCon 2025 live – first Avatar 3 reaction, juicy Fantastic Four news,

CinemaCon 2025 is officially underway – here are all new movie announc...

Read More
NYT Wordle today — answer and my hints for game #1385, Friday, April 4

Looking for Wordle hints? I can help. Plus get the answers to Wordle t...

Read More

Your experience on this site will be improved by allowing cookies.