On-Site Magazine

Construction passwords easy to crack

By Adam Freill   

Construction Software

NordPass study exposes construction and manufacturing sector’s most common passwords, and why they are easy to hack.

(Image courtesy of NordPass)

Passwords used by workers to secure business accounts in the construction and manufacturing sectors tend to be weak, according to new research by NordPass that looked at employees working for some of the world’s richest companies. While cybersecurity experts repeatedly urge businesses to take better care of corporate accounts, passwords such as “123456,” “password,” and “aaron431” still make it to the top of the construction and manufacturing industry’s list, says the password management company.

“On one hand, it is a paradox that the wealthiest companies on the planet with financial resources to invest in cybersecurity fall into the poor password trap,” said Jonas Karklys, CEO of NordPass. “On the other hand, it is only natural because internet users have deep-rooted unhealthy password habits. This research once again proves that we should all speed up in transitioning to alternative online authentication solutions.”

According to the study, the passwords “password” and “123456,” which shared the top two spots in last year’s list of the world’s most common passwords, continue their popularity. The word “password” was the third most trending pick among the construction and manufacturing sector’s employees and “123456” ranked second.

Just like with regular internet users, dictionary words, names of people and countries, and simple combinations of numbers, letters, and symbols make up most passwords presented in the research, however, employees at the world’s wealthiest companies also love passwords that directly reference or hint at the name of a specific company. The full company name, the company’s email domain, part of the company’s name, an abbreviation of the company name, and the company product or subsidiary name are common sources of inspiration. These passwords are present in half of the construction and manufacturing sector’s top 20.


“These types of passwords are both poor and dangerous to use. When breaking into company accounts, hackers try all the password combinations referencing a company because they are aware of how common they are,” explained Karklys. “Employees often avoid creating complicated passwords, especially for shared accounts. Therefore, they end up choosing something as basic as the company’s name.”

According to an IBM report, in 2022, stolen or compromised credentials remained the most common cause of a data breach in companies, accounting for 19 per cent. Karklys says that by implementing a few cybersecurity measures, such as ensuring that passwords are strong, businesses could avoid many cybersecurity incidents. His company recommends that passwords consist of random combinations of at least 20 upper- and lower-case letters, numbers, and special characters.




Stories continue below