Person Entering Password on Computer.

The first Thursday of May is recognized as World Password Day and serves as a yearly reminder for companies to tend to their login security. We wanted to take this opportunity to share some eye-opening facts about password usage.  

The world of cybersecurity is constantly evolving, and so are the tactics used by cybercriminals to gain access to sensitive information. Additionally, as remote and hybrid work becomes the new norm, it’s more important than ever to ensure that our passwords are secure. 

Despite the numerous warnings and guidelines on creating strong passwords, many people still fall prey to cyberattacks due to weak login credentials. Being aware of these eight surprising facts can help you and your credit union stay vigilant against potential security breaches. 

01./ Names, Sports, Food, Places, Animals, Famous People, and Characters are the Most Common Passwords

ID Agent analyzed the top 250 passwords found on the dark web, and the most common types of password choices were: names, sports, food, places, animals, and famous people/characters. 

The most common passwords for each type include: 

Names: Maggie 

Sports: baseball 

Food: cookie 

Places: Newyork 

Animals: lemonfish 

Famous People/Characters: Tigger  

More specifically, the most common passwords of 2023 continue to be variations of “123456,” “qwerty,” and “password.” Each of these common passwords or password types must be avoided! 

02./ Over 80% of Cybersecurity Incidents are Caused by Bad Passwords

Today, nearly 80% of all data breaches are the devastating result of lost, weak or stolen passwords, according to ID Agent. 

Every organization, regardless of size, must implement a secure identity & access management platform to protect their digital identity, their data and their business continuity. 

03./ Passphrases are Stronger than Passwords

Passphrases have now become the new best practice instead of passwords. A passphrase is longer than a password and contains spaces in between words. A passphrase can also contain symbols and does not have to be a proper sentence or grammatically correct. 

The main difference between the two is that passwords do not have spaces while passphrases have spaces and are longer than any random string of letters. 

Passphrases are better than passwords because they: 

  • Increase security 
  • Are easy to remember 
  • Are almost impossible to guess or crack 
  • Provide better resistance against dictionary attacks 
  • Are easier to type than random passwords 
  • Can customized to reflect personal preferences and interests 
  • Satisfy complex security rules easily 

04./ Passwords were Leaked in about 65% of Breaches in 2019

According to a 2019 study by Forbes, 3,800 publicly disclosed breaches exposing an incredible 4.1 billion compromised records. 

Perhaps even more remarkable is the fact that 3.2 billion of those records were exposed by just eight breaches. As for the exposed data itself, the report has email (contained in 70% of breaches) and passwords (65%) at the top of the pile. 

05./ 49% of Employees Only Add a Digit or Change a Character in their Password

An estimated 49% of employees only add a digit or change a character in their password when they’re required to update it, says ID Agent. 

The average person reuses passwords 14 times, and 69% of people share passwords with colleagues for account access. These practices are not a sufficient and employees need to be taught best practices in order to keep your credit union secure. 

It can be difficult to control and enforce strong and secure password requirements across your organization. Often, users sacrifice security for convenience by using weak passwords or reusing passwords for multiple logins, resulting in increased risk of exposure or theft. 

Even strong and complex passwords are not completely secure. Compromised credentials obtained because of phishing, keylogging and third-party data breaches can be used to gain unauthorized access to your business. 

Celero Security Awareness Training prepares your employees to defend against cyber-attacks including phishing, spear-phishing, executive whaling or CEO fraud. This program is taught by technical experts and includes baseline testing using mock attacks, engaging interactive web-based training for employees and continuous employee assessment. 

06./ Password Managers take out the Most Exploitable Element: Human Element

Writing down and trying to remember every password is a bad habit that can and should be left in the past. The solution is secure identity and access management (IAM), or password managers that store and protect an individual’s set of passwords. This means no more relying on human attempts at remembering and hiding log in credentials— the password managers have it covered. 

A password manager quickly adapts to your daily operational requirements by seamlessly integrating with the applications you need to run your business. This provides an additional level of security that reduces the vulnerabilities caused by human error. 

In partnership with ID Agent, Celero offers our clients Passly. This password management solution provides a comprehensive and cost-effective platform that improves security and efficiency while reducing helpdesk costs.  

Passly provides enhanced security through:  

  • A mobile app which supports both push notifications and one-time passcodes   
  • Third-party authenticator apps to generate one-time passcodes  
  • Alternative devices such as the YubiKey 

07./ Several Hours per Year are Spent Entering and/or Resetting Passwords

According to a Ponemon Institute study, the average person spends 10.9 hours entering and/or resetting passwords per year. 

On average, administrators spend 27 hours per year resolving user access problems for every 100 users according to an EMA Study. Businesses are facing loss of productivity in the absence of a suitable password manager solution. 

This is just a glimpse of the loss of productivity businesses aim to avoid by employing the right password management tool. It becomes increasingly important as the decrease in productivity may also translate into loss of revenue.  

Good password practices provide security with enhanced productivity and a low-friction user experience. 

8./ Passwords are Sold on the Dark Web

Did you know that passwords are a valuable commodity on the dark web? Cybercriminals sell stolen login credentials to the highest bidder, giving them access to online accounts. Despite the increasing prevalence of this issue, many users fail to take adequate measures to protect themselves, with a Ponemon Institute study finding that 57% of respondents have not changed their password behavior. 

ID Agent’s Dark Web Monitoring ensures that your credit union’s credentials are secure. By proactively monitoring the dark web 24/7, you can track and triage potential information leaks and create effective policies and procedures to minimize your future risk. Stay ahead of new trends in cyberattacks with ongoing reporting to keep you informed and your credit union safe. 

If you are interested in learning how Celero can help your credit union secure their environment, please contact us or talk to your Celero Account Executive. 


About Celero
Celero is a leading provider of digital technology and integration solutions to credit unions and financial institutions across Canada. Clients trust Celero’s proven track record delivering innovative banking technologies, digital and payment solutions, cloud computing, outsourcing, IT and advisory services.

Read more blog posts by Celero
Subscribe to Celero Insights Blog