What Is The Weakest Link In Your Business's Security?
Did you know that a survey is carried out every year, asking thousands of people to share anonymously which passwords they use most and to detail their password habits?
One thing that is surprising, shocking and disappointing is that each year we see the same results, time and time again.
The Top Ten Most Used Insecure Passwords
Year after year, certain passwords consistently appear in the top ten rankings of insecure passwords. These choices are often simple and memorable, and unfortunately VERY easy to guess, which leaves the accounts they protect highly vulnerable to unauthorised access.
Below is a list of the most commonly used insecure passwords, along with how long each has remained in the top ten:
Top 10 Weakest Passwords (2026) - source Wikipedia
- 123456 (Ranked #1, Top spot for over a decade)
- 123456789 (Ranked #2)
- 12345678 (Ranked #3)
- password (Consistently top 5 for over 15 years)
- 12345 (Consistently top 10)
- qwerty (Top 10 for over 10 years)
- 1234567 (Top 10 for over 10 years)
- 1234567890 (Top 10 for over 10 years)
- 111111 (Common staple for 5+ years)
- qwerty123 (Top 10 for over 5 years)
These passwords have remained popular largely because they are easy to remember, but this simplicity comes at the expense of security.
Note: Other variants, such as "admin," "123123," and "P@ssw0rd," are also commonly found in the top 25.
Why Insecure Passwords Persist
Many users opt for simple passwords out of convenience, habit, laziness, or a lack of understanding about security risks. Reusing passwords across multiple accounts or choosing patterns like "123456" makes them quick to enter but leaves accounts exposed to brute-force attacks and data breaches. The most widely used passwords are the first ones attackers try when attacking a system.
The persistence of these insecure choices highlights the need for ongoing awareness and training.
Protecting Your Business
Businesses must take proactive steps to mitigate the risks posed by weak passwords. Start by implementing strong password policies that require complexity and regular changes. Encourage the use of password managers to help staff generate and store unique, robust passwords for every account.
Multi-factor authentication (MFA) should be enabled wherever possible, adding an extra layer of protection against unauthorised access.
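As an added example (not code from this page or from The Silver Cloud Business), here is a Python check that could run when a password is set. It shows that "P@ssw0rd" passes a typical complexity rule yet still matches the common-password list above. The complexity rule, the substitution map and all function names are assumptions made for illustration.

```python
import string

# Passwords named on this page: the top ten plus the noted variants.
COMMON = [
    "123456", "123456789", "12345678", "password", "12345", "qwerty",
    "1234567", "1234567890", "111111", "qwerty123",
    "admin", "123123", "P@ssw0rd",
]

# Assumption: a small, illustrative map of look-alike substitutions to undo.
LEET = str.maketrans({"@": "a", "0": "o", "$": "s", "3": "e", "1": "i", "!": "i"})
SUFFIX = string.digits + string.punctuation


def _forms(pw):
    """Return the normalised forms of pw that are compared with the blocklist."""
    lowered = pw.lower()
    stripped = lowered.rstrip(SUFFIX)  # "Admin2026!" -> "admin"
    return {f.translate(LEET) for f in (lowered, stripped) if f}


# Normalise the blocklist the same way so digit-only entries still match.
BLOCKLIST = {form for entry in COMMON for form in _forms(entry)}


def is_common(pw):
    """True if pw is a listed password or a simple variant of one."""
    return not _forms(pw).isdisjoint(BLOCKLIST)


def meets_complexity(pw):
    """Assumed rule: 8+ characters with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def check_password(pw):
    """Blocklist first, then complexity; returns (accepted, reason)."""
    if is_common(pw):
        return (False, "matches a commonly used password")
    if not meets_complexity(pw):
        return (False, "fails complexity rule")
    return (True, "ok")
```

A complexity rule on its own would accept "P@ssw0rd"; checking the blocklist first is what rejects it.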
Educating Staff
Staff education is key to improving password security. Provide regular training sessions to raise awareness about the dangers of insecure passwords and best practices for creating strong credentials. Share real-world examples of breaches caused by weak passwords and encourage open dialogue about password management. Make sure staff understand how to recognise phishing attempts and know the procedures for reporting suspicious activity.
How does this affect your business?
Insecure passwords continue to be a significant threat to business security. By understanding the prevalence of weak password choices and taking practical steps to address them, businesses can better protect their data and assets. Prioritising staff education and enforcing strong password policies will help foster a culture of security and vigilance. Now is the time for every organisation to make password protection a top priority.
At The Silver Cloud Business we can offer a range of online training and awareness sessions that businesses can use to educate staff about the importance of password security. We can also configure your environment to require complex passwords that meet a minimum level of security and we can help deploy password management solutions to ensure complex passwords are kept safe and secure.
If you would like more information about password security and education, call us on 01722 411 999 and we will happily help secure your business.