Human Error Continues To Create Password Hygiene Challenges

The findings of the 2025 Cybersecurity Pulse Survey reveal ongoing and troubling employee behaviors related to password security.

Despite years of cybersecurity training and repeated incidents, many employees continue to write passwords on Post-it notes and leave them in plain sight at their desks, undermining organizational security.

The survey uncovered that password reuse and sharing are still alarmingly common, showing a disconnect between company policies and actual employee practices. It highlights a pervasive sense of frustration among workers, who find strict password policies cumbersome and often circumvent them for convenience, inadvertently increasing the risk to their organizations.

The findings indicate that despite advances in security technologies, human error and lax discipline remain significant challenges in protecting sensitive data. The piece underscores that even as companies invest in advanced software and multifactor authentication, these efforts are frequently rendered ineffective by weak human practices such as poor password hygiene, careless sharing, and storing plaintext passwords in unsecured locations. Rather than technical vulnerabilities, it's often the basic lapses in user behavior that give cybercriminals easy access to sensitive information.

Source: https://finance.yahoo.com/news/passwords-post-2025-cybersecurity-pulse-130000781.html

Commentary

A highlight of the article is that human error and lax discipline remain a challenge to protecting data, especially where passwords and password security are concerned.

Below are the practices to avoid for good password hygiene:

  • Simple passwords
    • 123456
    • Password
    • Qwerty
  • Short passwords
    • okgo
    • 1234
  • Single word passwords
    • Admin
    • guest
    • Welcome
    • Monkey
  • Personal passwords
    • Names
    • Birthdates
    • Pet names
  • Dictionary passwords
    • Common words found in a dictionary
  • Default passwords
    • Passwords provided by a manufacturer/developer
  • Predictable patterns/sequences
    • Abcd1234
    • Aabbccddeeffgg
    • 111111
    • 1a2b3c4d
  • Keyboard patterns
    • Qwerty
    • Asdfgh
    • 1q2w3e4r
  • Common substitutions of numbers/special characters for letters
    • P@ssw0rd
    • Pa55w0rd
    • Pa$$w0rd
  • Incremental or pattern changes to a password
    • Changing from "qwerty1" to "qwerty2"
  • Same password used for multiple, different accounts
  • Sharing passwords
  • Passwords not regularly altered/updated
  • Passwords not altered/updated after a security breach/warning
  • Passwords not altered/updated after voluntary disclosure for repairs/troubleshooting/other reasons
  • Unsecured passwords
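
As an added illustration (not part of the survey or the source article), the Python example below shows how a password-change form could flag several of the patterns listed above before a password is accepted. The denylist holds only the samples named in the list and the 12-character minimum is an assumed policy value. Dictionary, personal-information, reuse and sharing checks are left out because they need data beyond the password itself.

```python
import re

# Constructed denylist: only the sample passwords named in the list above.
COMMON = {"123456", "password", "qwerty", "okgo", "1234",
          "admin", "guest", "welcome", "monkey"}
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789"]
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
LEET = str.maketrans("@40$5317!", "aaosseiti")  # common look-alike swaps
MIN_LENGTH = 12  # assumed policy value, not taken from the article


def _has_run(text, alphabets, n=4):
    """True if text holds n consecutive characters of any alphabet, either direction."""
    for alphabet in alphabets:
        for seq in (alphabet, alphabet[::-1]):
            if any(seq[i:i + n] in text for i in range(len(seq) - n + 1)):
                return True
    return False


def _views(pw):
    """The password, its two interleaved halves, and doubled characters collapsed."""
    return [pw, pw[::2], pw[1::2], re.sub(r"(.)\1+", r"\1", pw)]


def weaknesses(password, previous=None):
    """Return the categories from the list above that a candidate password matches."""
    pw = password.lower()
    found = set()
    if len(pw) < MIN_LENGTH:
        found.add("short")
    if pw in COMMON:
        found.add("simple")
    deleet = pw.translate(LEET)
    if deleet != pw and deleet in COMMON:
        found.add("substitution")  # e.g. P@ssw0rd reduces to "password"
    if re.search(r"(.)\1{3,}", pw) or any(_has_run(v, SEQUENCES) for v in _views(pw)):
        found.add("sequence")
    if any(_has_run(v, KEYBOARD_ROWS) for v in _views(pw)):
        found.add("keyboard")
    # Same stem with only the trailing counter changed, e.g. qwerty1 -> qwerty2.
    if previous and re.sub(r"\d+$", "", pw) == re.sub(r"\d+$", "", previous.lower()):
        found.add("incremental")
    return found
```

An empty result means only that none of these specific patterns matched; it does not show the password is unique or unexposed.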


 
