The findings of the 2025 Cybersecurity Pulse Survey reveal ongoing and troubling employee behaviors related to password security.
Despite years of cybersecurity training and repeated incidents, many employees continue to write passwords on Post-it notes and leave them in plain sight at their desks, undermining organizational security.
The survey uncovered that password reuse and sharing are still alarmingly common, showing a disconnect between company policies and actual employee practices. It highlights a pervasive sense of frustration among workers, who find strict password policies cumbersome and often circumvent them for convenience, inadvertently increasing the risk to their organizations.
The findings indicate that despite advances in security technologies, human error and lax discipline remain significant challenges in protecting sensitive data. The piece underscores that even as companies invest in advanced software and multifactor authentication, these efforts are frequently rendered ineffective by weak human practices such as poor password hygiene, careless sharing, and storing plaintext passwords in unsecured locations. Rather than technical vulnerabilities, it's often the basic lapses in user behavior that give cybercriminals easy access to sensitive information.
Source: https://finance.yahoo.com/news/passwords-post-2025-cybersecurity-pulse-130000781.html
Commentary
A highlight of the article is that human error and lax discipline remain a challenge to preserving data, especially where passwords and password security are concerned.
Below are best practices for password hygiene. Avoid the following:
- Simple passwords
  - 123456
  - Password
  - Qwerty
- Short passwords
  - okgo
  - 1234
- Single word passwords
  - Admin
  - guest
  - Welcome
  - Monkey
- Personal passwords
  - Names
  - Birthdates
  - Pet names
- Dictionary passwords
  - Common words found in a dictionary
- Default passwords
  - Passwords provided by a manufacturer/developer
- Predictable patterns/sequences
  - Abcd1234
  - Aabbccddeeffgg
  - 111111
  - 1a2b3c4d
- Keyboard patterns
  - Qwerty
  - Asdfgh
  - 1q2w3e4r
- Common substitutions of numbers/special characters for letters
  - P@ssw0rd
  - Pa55w0rd
  - Pa$$w0rd
- Incremental or pattern changes to a password
  - Changing from "qwerty1" to "qwerty2"
- Same password used for multiple, different accounts
- Sharing passwords
- Passwords not regularly altered/updated
- Passwords not altered/updated after a security breach/warning
- Passwords not altered/updated after voluntary disclosure for repairs/troubleshooting/other reasons
- Unsecured passwords
- Default passwords
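
Several of the categories in the list above can be checked mechanically at the moment a password is set or changed. The following is an added example, not part of the original article or the survey. The function names, the small deny-list and the 12-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample deny-list built from the examples on this page; a real
# screen would load a large breached-password list instead.
COMMON = {"123456", "password", "qwerty", "admin", "guest", "welcome", "monkey"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Undo the common character substitutions (P@ssw0rd, Pa55w0rd, Pa$$w0rd).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "5": "s", "$": "s", "3": "e", "1": "l"})
MIN_LENGTH = 12  # assumed policy value, not taken from the page


def has_run(text, n=4):
    """True if text contains n repeated, ascending, or keyboard-adjacent characters."""
    low = text.lower()
    for i in range(len(low) - n + 1):
        chunk = low[i:i + n]
        ascending = chunk.isalnum() and all(
            ord(b) - ord(a) == 1 for a, b in zip(chunk, chunk[1:]))
        if len(set(chunk)) == 1 or ascending or any(chunk in row for row in KEYBOARD_ROWS):
            return True
    return False


def is_incremental(new, old):
    """True if new and old share a stem and differ only in trailing digits."""
    stem_new = re.sub(r"\d+$", "", new.lower())
    stem_old = re.sub(r"\d+$", "", old.lower())
    return stem_new != "" and stem_new == stem_old


def screen(password, previous=None):
    """Return the weaknesses found in password; an empty list means none detected."""
    findings = []
    low = password.lower()
    if len(password) < MIN_LENGTH:
        findings.append("short")
    if low in COMMON:
        findings.append("common")
    elif low.translate(LEET) in COMMON:
        findings.append("substitution")
    # Interleaved sequences such as 1a2b3c4d hide a run in every other character.
    if has_run(low) or (has_run(low[::2]) and has_run(low[1::2])):
        findings.append("pattern")
    if previous is not None and is_incremental(password, previous):
        findings.append("incremental")
    return findings


if __name__ == "__main__":
    for pw in ("Password", "okgo", "P@ssw0rd", "1a2b3c4d", "Aabbccddeeffgg"):
        print(pw, screen(pw))
```

An empty result only means none of these checks fired; reuse across accounts, sharing and unsecured storage from the same list cannot be detected from the password string itself.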