The Password That Opened the Gates
It wasn’t some brilliant hack. No stealthy phishing campaign. No dark-web malware worm.
Just 123456.
That’s it.
That’s what lets someone into the system. Into the files. Into the company’s heart. Like carving a hole in the front door and calling it a keyhole.
According to the team at NordPass, 123456 isn’t rare. It’s the most commonly used password in the world, appearing more than 3 million times.
Right behind it? 123456789.
Third place? 12345678.
Are you seeing a pattern here?
People don’t secure their front gates. They hang up welcome signs and leave cookies.
The Cubicle Cult of Convenience
These aren’t twelve-year-olds sneaking onto NORAD.
These are grown adults.
They work in banks. In hospitals. At shipping companies. In law firms.
And they’re logging into work accounts with “password1” or “iloveyou.”
Every one of the top 25 passwords? Crackable in under a second. One second. That’s not a metaphor. That’s math.
This isn’t hacking; it's leaving the door open and letting people walk in. Carelessness stopped at the door because password security has become a joke. It's not just a culture problem at work. It's everywhere.
The Lazy Top 10
Let's review the passwords used by individuals with access to payroll, patient records, and proprietary files.
Here are the top ten biggest security facepalms for secure systems:
- 123456
- 123456789
- 12345678
- password
- qwerty123
- qwerty1
- 111111
- 12345
- secret
- 123123
This collection of bad decisions isn't a list of passwords. It's a neon sign saying, "Enter Here!"
It takes less than a second to crack these "passwords." It doesn't require a genius hacker to employ advanced theories. Any middle schooler using basic tools would crack those passwords without breaking a sweat.
This list isn't an example of clever or cute. These are the reasons companies lose data and people's jobs.
The IT Guy You Keep Ignoring
Every office building has one, usually near the back in a room without windows or fanfare. Once a month, a company-wide email goes out reminding people to update their credentials.
Soon thereafter, the IT department forwarded network security videos accompanied by a quiz warning about suspicious emails.
Eyes rolled, emails deleted, quizzes ignored.
Soon, an email was sent urging people to stop using their pets' names as passwords. What followed was a gaggle around the coffeemaker, laughing at made-up pet names.
All was fun until that day. Screens freeze. Payrolls vanish. Proprietary data leaks. The IT tech isn't answering because they are on the phone with security experts, wondering what can be done to at least get the phones working.
Ransomware Isn’t Magic. It’s Your Fault.
What's terrifying is how rapidly ransomware has evolved over the past decade.
There's not much effort involved in taking over a company's network because many continue to leave the digital door wide open. Complicated passwords, such as "abc123" or "qwerty," thought of by the geniuses in the C-Suite, stopped hospitals, airports, and city halls in their tracks. Real places went dark because password security wasn't taken seriously.
Billions of dollars have been lost due to passwords like "000000."
But, keep going. Things will work out fine.
Schmaybe.
Security by Culture, Not Policy
There’s a security binder somewhere in the office. Probably hasn't been touched since the last fire drill.
But policy isn’t the problem. Culture is.
If leadership logs in with “qwerty123,” what do you expect from interns?
If the finance department writes down passwords on sticky notes, what chance does a firewall have?
Millions spent on firewall security don't fix laziness. Lazy doesn't get a patch. Instead, lazy spreads.
The Tab You Don’t Want to Open
Like clockwork, what follows a breach has become as tiring as it is predictable:
- Lawsuits
- Press calls
- Regulator emails
- Lost customers
- HR scrambling for scapegoats
Beware, that scapegoat someday might be you.
What's the real cost? What can't be fixed with a PR statement?
Trust.
No matter how many password resets are attempted, the wreckage remains complete.
Password Security 101
Suppose you're reading this and thinking, “Okay, fine. What do I do?” Here’s what every employee, employer, intern, and IT burnout should know:
- Longer is Stronger
  - Aim for at least 12 characters. Think of it like building a longer hallway for burglars to run through. Every extra step helps.
- Mix It Up
  - Use a combination of uppercase and lowercase letters, numbers, and special characters. “CorrectHorseBatteryStaple” won’t cut it anymore unless you add some teeth: “C0rr3ct!H0rse$Battery^Staple”.
- No Names, No Birthdays, No Pets
  - Your daughter’s name, your wedding year, or your golden retriever? That’s stuff hackers can find in your Facebook photos. Don’t hand them the answer sheet.
- Stop Reusing Passwords
  - One breach opens all the doors if you use the same login for Amazon, Gmail, payroll, and your fantasy football league. Treat each account like a different vault.
- Use a Password Manager
  - Stop trying to remember 38 logins. Good password managers generate and store complex passwords, then autofill them securely. They’re safer than your notebook, your memory, or your browser's "remember me" function.
- Two-Factor Authentication Isn’t Optional
  - It’s not a nuisance. It’s your second gate. If a password is the lock, 2FA is the alarm. Use it. Everywhere.
- Change Your Passwords Regularly
  - No, not every week. However, checking every few months, especially for sensitive systems, can help prevent stale logins from becoming entry points.
- Don’t Share Them
  - Not with your spouse. Not with your boss. Not with Gern, who “just needs to check something quick.” It’s called a password for a reason. Pass. Word. One person. You.
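The items on this list that can be checked from the password itself (length, character mix, no personal details), combined with the top-ten list from earlier, as an added Python example that is not part of the original article. The function name `screen_password` and the sample pet name and year are assumptions made for illustration.

```python
import re

# The ten passwords listed earlier on this page.
TOP_TEN = {
    "123456", "123456789", "12345678", "password", "qwerty123",
    "qwerty1", "111111", "12345", "secret", "123123",
}
MIN_LENGTH = 12  # "Aim for at least 12 characters"
# Character classes from "Mix It Up".
CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def screen_password(candidate, personal_tokens=()):
    """Return the rules from this page that `candidate` breaks (empty list = pass)."""
    problems = []
    folded = candidate.casefold()
    # Deny-list check, ignoring case so "Password" is caught too.
    if folded in TOP_TEN:
        problems.append("on the top-ten list")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [name for name, rx in CLASSES.items() if not rx.search(candidate)]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    # "No Names, No Birthdays, No Pets": flag any personal token found
    # inside the password. Tokens under 3 characters are skipped as noise.
    for token in personal_tokens:
        t = token.casefold()
        if len(t) >= 3 and t in folded:
            problems.append(f"contains personal detail '{token}'")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the pet name and year are made up.
    tokens = ["Bella", "2014"]
    for pw in ["123456", "Password", "Bella2014!Forever",
               "C0rr3ct!H0rse$Battery^Staple"]:
        print(repr(pw), "->", screen_password(pw, tokens) or "passes")
```

Reuse, sharing, and two-factor enrollment cannot be judged from the password string, so those items need other controls.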
Final Thoughts
You wouldn't leave your car, doors wide open, in a poor neighborhood with a note taped to the steering wheel saying you'll return shortly, would you?
When your password is 123456, that's precisely what you do.
You can't avoid corporate arson by treating proper password security as a joke. By the time you remember to change it, it may be too late.
It's hard blaming arsonists when you're the one holding the match.
Do your part to protect the team, the client's trust, and the IT tech's life expectancy.
For all that's geeky holy, change your password to a short sentence (without spaces), or at least make a password that's not lazy.
Do it. Now.