Latest Stories

    Celero Insights

    Filter By Categories

    10 surprising facts about password usage

    May 06, 2021

    World Password Day is a yearly reminder for companies to tend to their password and login security.

    May 6 is World Password Day and to mark the occasion, we want to bring awareness to the topic and present 10 surprising facts about password usage.

    It might seem like everyone knows enough about bad passwords that we don’t need to observe World Password Day anymore, but that isn’t the case. Bad, weak, or compromised passwords are still a plague on information security.


    With all the recent cybersecurity incidents that have taken place because of lost or stolen credentials, this is the perfect time to remind ourselves why passwords and password security are still a relevant issue for information security. We’ll also review some key actions you can take to improve login security. Keep on reading to discover why password security is more important than ever in the new remote working world.



    1. Names, Sports, Food, Places, Animals, Famous People and Characters are the most common passwords

    ID Agent analyzed the top 250 passwords found on the dark web, and the most common types of password choices were: names, sports, food, places, animals, and famous people/characters.


    The most common passwords for each type include:

        • Names: Maggie
        • Sports: baseball
        • Food: cookie
        • Places: Newyork
        • Animals: lemonfish
        • Famous People/Characters: Tigger

    Don’t use any of these common passwords!

    1. Over 80% of cybersecurity incidents are caused by bad passwords

      Today, nearly 80% of all data breaches are the devastating result of lost, weak or stolen passwords, according to ID Agent.

      Every organization, regardless of size, must implement a secure identity & access management platform to protect their digital identity, their data and their business continuity.
    1. Passphrases are stronger than passwords

      Passphrases have now become the new best practice instead of passwords. A passphrase is longer than a password and contains spaces in between words. A passphrase can also contain symbols and does not have to be a proper sentence or grammatically correct.

      The main difference between the two is that passwords do not have spaces while passphrases have spaces and are longer than any random string of letters.

    Passphrases are better than passwords for the following reasons:

        • Passphrases are easier to remember
        • Passwords are easier to guess or crack
        • Passphrases satisfy complex rules easily
        • Passphrases are next to impossible to crack
      • 4. Passwords were leaked in about 65% of breaches in 2019
      • According to a 2019 study by Forbes, 3,800 publicly disclosed breaches exposing an incredible 4.1 billion compromised records.
      • Perhaps even more remarkable is the fact that 3.2 billion of those records were exposed by just eight breaches. As for the exposed data itself, the report has email (contained in 70% of breaches) and passwords (65%) at the top of the pile.
      • 5. 49% of employees only add a digit or change a character in their password
      • An estimated 49% of employees only add a digit or change a character in their password when they’re required to update it, says ID Agent.
      • The average person reuses passwords 14 times, and 69% of people share passwords with colleagues for account access. These practices are not a sufficient and employees need to be taught best practices in order to keep your credit union secure.
      • It can be difficult to control and enforce strong and secure password requirements across your organization. Often, users sacrifice security for convenience by using weak passwords or reusing passwords for multiple logins, resulting in increased risk of exposure or theft.
      • Even strong and complex passwords are not completely secure. Compromised credentials obtained as a result of phishing, keylogging, and third-party data breaches can be used to gain unauthorized access to your business.
      • Celero Protex Enterprise Security Awareness Training prepares your employees to defend against cyber attacks including phishing, spear-phishing, executive whaling or CEO fraud. This program is taught by technical experts and includes baseline testing using mock attacks, engaging interactive web-based training for employees, and continuous employee assessment.
      • 6. Password managers take out the most exploitable element (human element)

    Secure identity and access management (IAM) or password managers are your one-stop solution for enforcing stringent user identity verification practices and blocking any unauthorized access to your critical data. The solution combines and integrates several distinct security tools under a single platform to guarantee all-round security of your business systems and applications.


    A password manager quickly adapts to your daily operational requirements by seamlessly integrating with the applications you need to run your business every day. It provides you with the level of security your business needs to stay protected from the sophisticated cyberthreats of today. Speaking of a password manager, we are pleased to announce that we will be launching out new password manager, Passly, in partnership with ID Agent in the coming weeks. Passly provides the most comprehensive and cost-effective platform available to enable security, compliance, and efficiency.


    7. Multi-factor authentication helps comply with regulatory requirements


    Multi-factor authentication (MFA) helps your credit union comply with regulatory requirements.


    The layered security protections of our platform’s MFA solution meet the security protocols necessary to achieve and prove compliance for most regulatory bodies. MFA is a necessary compliance tool with PCI-DSS, so if you are working towards PCI compliance, start to consider MFA.


    8. MFA takes the sting out of stolen or compromised passwords


    MFA stops fraudsters dead in their tracks. If they steal your password, they will not be able to access your accounts as MFA only grants access after successfully presenting two or more pieces of evidence from an authentication mechanism.


    Celero’s upcoming password manager, Passly provides enhanced security to identity management with their MFA through:

        • A mobile app which supports both push notifications and one-time passcodes ​
        • Third-party authenticator apps to generate one-time passcodes
        • Alternative devices such as the YubiKey

    9. 10.9 hours per year are spent entering and or/resetting passwords


    According to a 2019 Ponemon Institute Study, the average person spends 10.9 hours (per year) entering and/or resetting passwords.


    On average, administrators spend 27 hours per year resolving user access problems for every 100 users. Businesses are facing loss of productivity in the absence of a suitable password manager solution.


    This is just a glimpse of the loss of productivity businesses aim to avoid by employing the right password management tool. It becomes increasingly important as the decrease in productivity may also translate into loss of revenue.​


    Good password practices provide security with enhanced productivity and a low-friction user experience.


    10. Passwords are sold on the dark web


    Did you know that passwords are often up for sale on the dark web to the highest bidder? More cybercriminals are eyeing your passwords than ever before, and credential theft is where it all begins. Despite this, a Ponemon Institute study found that 51% of respondents have not changed their password behaviour.



    Celero Protex Dark Web Monitoring ensures that your credit union’s credentials are secure. We proactively monitor the dark web 24/7 to track and triage potential information leaks and create effective policies and procedures to minimize your future risk. Stay ahead of new trends in cyberattacks with ongoing reporting to keep you informed and your credit union safe.


    If you are interested in learning how Celero can help your credit union secure their environment, please contact us or talk to your Celero Account Executive.


    Related posts:

    Q&A with Celero’s Chief Information Security Officer, Matt Laba

    Five cyber threats facing credit unions and how to stop them

    3 ways to increase your digital banking security and protect members online

    Fraudsters Exploiting Covid-19 for Profit

    How to recognize, reject and report fraud

    Protection against technology scams

    Infographic: 5 ways cyber criminals bait businesses through phishing


    Subscribe to Celero Insights.

    Subscribe Email