Despite handling trillions in transactions and guarding critical data, many financial institutions are still using weak and highly guessable passwords – opening the door to cybercriminals. A new study by NordPass reveals that financial institutions – including banks, fintech platforms, and accounting firms – are still relying on passwords like “123456,” “P@ssw0rd,” and yes, even “Mikeross69” to protect highly sensitive systems.
These credentials were found across banking dashboards, email logins, and internal tools – leaving critical data vulnerable in one of the world’s most targeted industries. The research highlights the 20 most commonly used (and most easily guessed) passwords in the finance sector, and offers expert advice for improving password hygiene and reducing breach risk.
These weak passwords were found in use across a variety of platforms – from internal banking dashboards and accounting systems to employee email logins and demo accounts. In some cases, credentials like “demo” and “secret” suggest default passwords were never changed, creating a major vulnerability.
“Finance is one of the most targeted industries for cybercrime – and yet many of the passwords we found wouldn’t pass a basic security audit. With sensitive financial data on the line, outdated password practices are a major liability,” says Karolis Arbaciauskas, head of business product at NordPass, in a statement sent to Digital Journal.
The research showed a troubling reliance on default logins, simple numeric sequences, and personal or company-related names – all of which are easily cracked with even basic tools. The list includes the usual suspects like “123456,” “password,” and “abc123” – but also a few more… creative choices.
One standout: “Mikeross69,” a nod, perhaps, to Suits fans with questionable judgment. Unfortunately, cybercriminals do not need to pass the bar to crack that one.
List of password shame
1. ABCDEF
2. 123456
3. user@123
4. 12345678
5. Mikeross69
6. secret
7. password
8. P@ssw0rd
9. demo
10. Okere@770!
11. 12345
12. Karra0915
13. 123456789
14. gadai123!
15. Sparsh@22
16. ccissexy
17. Hulela06*
18. abc123
19. samrawit@lms.com
20. !Welcome2022
These credentials were found guarding access to sensitive systems – and many follow easily guessed formats such as personal names + numbers, birth years, or common finance-related terms.
Strengthening the financial sector’s cybersecurity posture
Cyberattacks on financial institutions can result in massive data leaks, reputational damage, and regulatory penalties. And yet, many breaches still begin with one compromised login.
Steps for improved password security:
- Avoid using personal names, years, or company references in passwords. These are easy to find and guess.
- Educate teams at all levels. From analysts to executives, everyone should understand modern password hygiene.
- Use strong, unique passwords stored in a business-grade password manager. This removes the need to reuse or write them down.
- Enable multi-factor authentication (MFA). Even if a password is stolen, MFA can stop unauthorized access in its tracks.
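The guessable formats described above (default logins, numeric sequences, names plus numbers, personal or company terms) can be screened for at the moment a password is set. The Python below is an added example, not code from the NordPass study or the original article; the deny-list is constructed from entries in the list above, and `context_terms` is a hypothetical parameter for organization-specific words.

```python
import re

# Constructed deny-list seeded from the article's list; production checks
# should also query a large breached-password corpus.
COMMON = {"password", "secret", "demo", "welcome", "user", "abc123"}
# Undo common character substitutions: @/4->a, 0->o, 1/!->i, 3->e, $/5->s
LEET = str.maketrans("@401!3$5", "aaoiiess")
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}")


def weakness(password, context_terms=()):
    """Return the reason a password is guessable, or None if no rule fires.

    context_terms: caller-supplied names, company words, etc. (hypothetical
    parameter for this example).
    """
    lower = password.lower()
    if lower in COMMON:
        return "common or default password"
    # Runs such as 123456 or abcdef: every character is the previous one + 1.
    if len(lower) >= 3 and all(ord(b) - ord(a) == 1 for a, b in zip(lower, lower[1:])):
        return "character sequence"
    if EMAIL.fullmatch(lower):
        return "email address used as password"
    # Strip leading symbols and the trailing digit/symbol run, then de-leet.
    core = re.sub(r"^[\W_]+|[\d\W_]+$", "", lower)
    plain = core.translate(LEET)
    if plain in COMMON:
        return "common word with substitutions or suffix"
    if any(term.lower() in plain for term in context_terms):
        return "contains personal or company term"
    if core.isalpha() and core != lower:
        return "word or name plus digit/symbol suffix"
    return None


def screen(passwords, context_terms=()):
    """Map each rejected password to its reason; accepted ones are omitted."""
    reasons = {p: weakness(p, context_terms) for p in passwords}
    return {p: r for p, r in reasons.items() if r}


if __name__ == "__main__":
    sample = ["123456", "P@ssw0rd", "Mikeross69", "!Welcome2022", "ccissexy"]
    for pw, reason in screen(sample).items():
        print(f"{pw!r}: {reason}")
```

Pattern rules alone let “ccissexy” through, which is why a set-time check should pair them with a lookup against known-breached passwords.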
