
From ‘P@ssw0rd’ to Payday: Weak Credentials Threaten Financial Systems

  • Writer: Kelsie Papenhausen
  • 3 days ago

New NordPass research reveals poor password hygiene in the finance sector, putting sensitive data at risk


Despite handling trillions in transactions and guarding critical data, many financial institutions are still using weak and highly guessable passwords - opening the door to cybercriminals. A new study by NordPass, in collaboration with NordStellar, reveals that banks, fintech platforms, and financial service providers are relying on credentials like “123456,” “password,” and even “user@123” to protect their systems.


These weak passwords were found in use across a variety of platforms - from internal banking dashboards and accounting systems to employee email logins and demo accounts. In some cases, credentials like “demo” and “secret” suggest default passwords were never changed, creating a major vulnerability.


“Finance is one of the most targeted industries for cybercrime - and yet many of the passwords we found wouldn’t pass a basic security audit. With sensitive financial data on the line, outdated password practices are a major liability,” says Karolis Arbaciauskas, head of business product at NordPass.


The top 20 not-so-secret passwords in the finance sector:


The research showed a troubling reliance on default logins, simple numeric sequences, and personal or company-related names - all of which are easily cracked with even basic tools. The list includes the usual suspects like “123456,” “password,” and “abc123” - but also a few more... creative choices. One standout: “Mikeross69,” a nod, perhaps, to Suits fans with questionable judgment. Unfortunately, cybercriminals don’t need to pass the bar to crack that one. 

  1. ABCDEF

  2. 123456

  3. user@123

  4. 12345678

  5. Mikeross69

  6. secret

  7. password

  8. P@ssw0rd

  9. demo

  10. Okere@770!

  11. 12345

  12. Karra0915

  13. 123456789

  14. gadai123!

  15. Sparsh@22

  16. ccissexy

  17. Hulela06*

  18. abc123

  19. samrawit@lms.com

  20. !Welcome2022


     

These credentials were found guarding access to sensitive systems - and many follow easily guessed formats such as personal names + numbers, birth years, or common finance-related terms.

Strengthening the financial sector’s cybersecurity posture

Cyberattacks on financial institutions can result in massive data leaks, reputational damage, and regulatory penalties. And yet, many breaches still begin with one compromised login.

Arbaciauskas recommends these steps for improved password security:

  • Avoid using personal names, years, or company references in passwords. These are easy to find and guess.

  • Educate teams at all levels. From analysts to executives, everyone should understand modern password hygiene.

  • Use strong, unique passwords stored in a business-grade password manager. This removes the need to reuse or write them down.

  • Enable multi-factor authentication (MFA). Even if a password is stolen, MFA can stop unauthorized access in its tracks.

“Trust is the currency of the finance world - and it’s easily lost through one weak password. It’s time for finance leaders to take password security as seriously as fraud prevention or compliance,” Arbaciauskas adds. 


ABOUT NORDPASS

NordPass is a password manager for both business and consumer clients. It's powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease of use in mind, NordPass allows users to access passwords securely on desktop, mobile, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN — the advanced security and privacy app. For more information: nordpass.com.
