From ‘P@ssw0rd’ to payday: weak credentials threaten financial systems
Despite handling billions in transactions and safeguarding highly sensitive data, many financial institutions are relying on woefully weak and easily guessable passwords.
New research by NordPass, in collaboration with NordStellar, reveals a shocking lack of basic password hygiene across banks, fintech platforms, and other financial service providers.
The study uncovered credentials like “123456,” “password,” and even “user@123” protecting critical internal systems, accounting software, employee email logins, and demo accounts. In some instances, default passwords such as “demo” and “secret” were still in use, representing glaring security holes.
“Finance is one of the most targeted industries for cybercrime – and yet many of the passwords we found wouldn’t pass a basic security audit,” states Karolis Arbaciauskas, head of business product at NordPass. “With sensitive financial data on the line, outdated password practices are a major liability.”
The research highlighted a troubling reliance on simple numeric sequences, common terms, and personal or company-related names. Here are the top 20 most common passwords discovered in the finance sector:
- ABCDEF
- 123456
- user@123
- 12345678
- Mikeross69
- secret
- password
- P@ssw0rd
- demo
- Okere@770!
- 12345
- Karra0915
- 123456789
- gadai123!
- Sparsh@22
- ccissexy
- Hulela06*
- abc123
- [email protected]
- !Welcome2022
These easily cracked credentials, including a pop-culture reference like “Mikeross69,” are guarding access to systems that, if compromised, could lead to massive data leaks, severe reputational damage, and hefty regulatory penalties.
To bolster cybersecurity, Arbaciauskas strongly recommends avoiding personal names or company references in passwords, educating all staff on modern password hygiene, utilizing strong, unique passwords stored in a business-grade password manager, and, crucially, enabling multi-factor authentication (MFA).
“Trust is the currency of the finance world – and it’s easily lost through one weak password,” Arbaciauskas warns. “It’s time for finance leaders to take password security as seriously as fraud prevention or compliance.”

