- Hospitality businesses are among the worst at maintaining good password health
- 123456789 and P@ssw0rd were among the top 20 most used
- Using better passwords and MFA is the best advice
A new study by NordPass has revealed just how widespread weak and predictable passwords can be, particularly within the hospitality industry.
According to the research, hotels, restaurants and other similar businesses are failing to secure critical systems like reservation platforms, POS systems and even staff accounts by opting for weak passwords that could put guest data and business operations at risk of cyberattacks.
NordPass also realized that many businesses are reusing similar or outdated passwords across systems, meaning that if a hacker can gain access to one platform, they may be able to move laterally within the business.
Hospitality businesses are really rubbish at passwords
Five password categories were highlighted as common options for businesses in this industry, including simple numeric sequences (123456789), general terms (Reservattions2021!), brand-related terms (Ramada@123), easy-to-guess patterns (P@ssw0rd) and developer or role-related terms (developer2). The five examples given aren't simply examples – they appear in NordPass's top 20 most commonly used passwords in hospitality.
"In hotels and restaurants, guests expect great service – not for their personal data to be on the menu," Head of Business Product Karolis Arbaciauskas commented. "The presence of multiple 'reservations' variants and brand-related terms suggests that many businesses still lack clear password hygiene policies," the notice reads.
The company, known for its password manager, shared four pieces of advice, beginning with the most obvious – to avoid predictable passwords that can be easily guessed or extracted via social engineering, which continues to be the most common method of entry for attackers.
Businesses should also implement multi-factor authentication for further protection, store their credentials in password managers, and build a security-aware culture with frequent and comprehensive training.
NordPass has three separate business-focused plans – Teams, Business and Enterprise – which offer features like SSO, secure sharing and compliance features.
You might also like
- We've listed the best password generators
- Protect your online footprint with the best VPNs
- Hackers are distributing a cracked password manager that steals data, deploys ransomware
