7 Passwords You Should Never Use at Your Small Business

James O'Brien

Owning a small business means owning data. You’re constantly acquiring new information related to your customers, your financial details, and all the vendors and contractors with whom you work. One cyber criminal, though, one lucky hack, and you’ve just exposed your business to a major blow. From lost trust among your clients to costly lawsuits for the damage done, protecting your company from data theft is among your most important responsibilities.

A lot of it comes down to one simple choice you make: passwords.

“Overall, passwords still present the biggest challenge for businesses of all sizes,” said Ron Schlecht, founder and managing partner of BTB Security. Businesses hire Schlecht’s company to test their digital security for weak spots and, he said, “you can’t imagine how many times we still break in to companies because of a bad password.”

If you want to avoid weak passwords at your business, start by steering clear of the following list. Read on for seven passwords you should never (ever) use.


Arguably, this is the number-one and most common bad choice. Also prevalent are variations such as P@ssword and P@55w0rd!. These might be easy to remember, but they’re also among the first options hackers will try.


Easy-to-guess passwords often take root because they’re simple to remember. That’s the story with this hacker-friendly option constructed from the sequence of letters at the top left of the typical computer keyboard.


Or, 98765. Or, 4567. You get the picture — no consecutive numbers (and the same goes for sequential letter combinations). You can only count on passwords such as these to expose your business to digital theft.


If your shop is called Serafina’s Weddings, don’t set your password as SerafinasWeddings1. That would be an early choice for hackers looking to break into your valuable data.

Business Address

Skip it entirely, when it comes to passwords. Also avoid trying to mash together similar details, such as your street name and street number — i.e. Main215. 

Date of Birth

Thanks to the Internet, it doesn’t take much effort to find a person’s DOB. Birthdays, birthdates, years of birth — all of them make for readily attainable passwords and are poor choices for your company.

Simple Dictionary Words

Especially if they’re related to your business, don’t use them. No baseball, football, or soccer for your sporting goods store. No muffler, tire, or spark plug for your auto garage.
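The seven categories above, turned into a check that could run whenever a password is set. This is an added example, not code from the article; the function names, category labels, and the sample street address, birth date and trade words are assumptions made for illustration.

```python
import re
from datetime import date
# Undo common substitutions so P@ssword and P@55w0rd! both read as "password".
LEET = str.maketrans("@4301!5$7", "aaeoiisst")
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
COUNTING_RUNS = ["0123456789", "abcdefghijklmnopqrstuvwxyz"]

def squash(text):
    """Lowercase, undo leetspeak, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def has_run(pw, rows, min_len=4):
    """True if pw holds min_len neighbouring characters of a row, in either direction."""
    pw = pw.lower()
    chunks = {pw[i:i + min_len] for i in range(len(pw) - min_len + 1)}
    return any(c in row or c in row[::-1] for c in chunks for row in rows)

def dob_tokens(dob):
    """Digit strings commonly built from a birth date (assumed forms, 4+ digits)."""
    y, m, d = f"{dob.year:04d}", f"{dob.month:02d}", f"{dob.day:02d}"
    return {y, m + d, d + m, m + d + y[2:], d + m + y[2:]}

def weak_reasons(pw, business_name="", address="", dob=None, trade_words=()):
    """List the article's categories that a candidate password falls into."""
    flat, reasons = squash(pw), []
    def hit(term):  # compare after the same normalisation on both sides
        term = squash(term)
        return bool(term) and term in flat
    if "password" in flat:
        reasons.append("password variant")
    if has_run(pw, KEYBOARD_ROWS):
        reasons.append("keyboard run")
    if has_run(pw, COUNTING_RUNS):
        reasons.append("consecutive characters")
    if hit(business_name):
        reasons.append("business name")
    if any(hit(part) for part in address.split() if len(part) > 2):
        reasons.append("business address")
    if dob and any(tok in pw for tok in dob_tokens(dob)):
        reasons.append("date of birth")
    if any(hit(word) for word in trade_words):
        reasons.append("dictionary word")
    return reasons

if __name__ == "__main__":
    # Constructed sample: the shop name comes from the article, the rest is made up.
    shop = dict(business_name="Serafina's Weddings", address="215 Main Street",
                dob=date(1985, 4, 12), trade_words=("wedding", "bride"))
    for candidate in ("P@55w0rd!", "SerafinasWeddings1", "Main215", "my1stc@r=honda90"):
        print(candidate, weak_reasons(candidate, **shop))
```

An empty list means only that none of the seven patterns matched; it is not a strength score.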

And so, what should you do when it comes to picking a password?

A key approach starts with thinking of a passphrase. Next, substitute letters, characters, and abbreviations for parts of it. For example, “my first car was a Honda in 1990” would be easy enough to remember, if that was the case in your life. Now, change it to my1stc@r=honda90.

Steer clear of the not so magnificent seven above, and protect your data with hard-to-guess constructions. With a strong password strategy, you’re well on your way to foiling online attacks.


14 Responses to "7 Passwords You Should Never Use at Your Small Business"

    • Bree Faber | October 22, 2017 at 3:08 am

      This was very helpful for my friend’s mom because she owns a small business and she looked at this and she was going to do an address password. I showed her this and she said she was going to do something complicated but easy to remember. Thank you.

    • CW | February 20, 2018 at 8:30 pm

      I have to disagree with this article.

      Most security researchers and IT Pros (myself included) understand that length is more important than complexity.

      You can have a password that is easy to remember, as long as the number of characters is high enough.

      A password which is overly complex (might also be secure) also encourages people to write them down on sticky notes.

      You can create long passwords with a favorite phrase, bible verse, or movie quote:

      “you are what you eat” could be = You are what you eat!xx where xx defines your birth year or other memorable year.

      “say hello to my little friends” could be = !Say hell0 to my little friends!

      Passwords need not be complex to be secure. They only feel complex to us because they are hard to remember!!!

      More detail here: https://www.grc.com/haystack.htm

    • Matthew Demaree | February 20, 2018 at 11:11 pm

      We found the best solution is to use a password manager that is highly secure, most of our passwords are actually unknown even to us because the system fills the password fields for you. We set ours to create very strong passwords with letters, numbers, symbols, and at least 16+ characters. The software syncs to your phone as well so you have access anywhere you go, and 2-factor is highly encouraged.

      Download a copy with 6-free months.

    • Brian | February 21, 2018 at 12:33 am

      Years back I read a study on password psychology. Then I sized up my boss, knew she did not have children, treated her dog like a child, and had very strong maternal instincts, so I guessed her password to be her dog’s name, and she was shocked when I told her my prediction. Got that one right. People often use their children’s names, and there are many other common categories.

    • Dan | February 21, 2018 at 3:08 am

      Good suggestions, though, I tend to use passwords related to the business…for instance, the auto shop, I’d be perfectly fine with $P@rk=Pl^g (instead of spark-plug).

      Generally, I use the following substitutions: $ for S, 3 for e, @ for a, 1 or ! for I, 0 for O (and vice versa!), and ^ for U. Replacing all the vowels means you don’t have a dictionary password. If I’m lazy, I might add a 123 at the end; of course, it looks like !@3.

      My mechanical engineering clients could use 2ndL@w-Th3rm0dyn@m1c$ that should slow down the script-kiddies a bit.

    • Roman | February 21, 2018 at 6:55 am

      Your password shall be no less than 15 characters or more, random phrase that you remember well, but no one else, should do. All lowercase too.
      Keep changing it every month or two,
      No one will crack that one.

    • Nadine Silverstein | February 21, 2018 at 7:34 am

      When I am looking to log on I always see network names that clearly identify which business owns the network. It’s a welcome sign for hackers. How about naming your secure network with a random name as well!

    • ElGallego | February 21, 2018 at 11:46 am

      Passwords are a nightmare. Typically, a small business has 20 to 50 essential passwords. A large business has hundreds of passwords, used by hundreds of staff. The management of passwords alone is a significant impairment of digital utility. And each password must be changed regularly, be composed of no less than ten characters, which must include one capital, one lower case, at least one digit, one non-language character, there must be no reference to your name or prior passwords, &c., &c. &c…

      Even the “fingerprint” and “retinal” solution invites nightmares, especially in foreign intelligence. All I need is the authorized eyeball or digits to have access. And the sensors themselves need intense maintenance, or security is undermined by emergency backdoors.

      I look forward to return to the use of metal keys. They also have their own weaknesses, but the chaos they inspire is of zero burden compared to digital passwords.

    • uxf | February 21, 2018 at 12:34 pm

      There’s a familiar, dreary cluelessness about articles like this. It’s as if it’s written from the point of view of a business that doesn’t know how their customers really live. Sure, you can tell people to choose a strong password, but there’s not a hint of awareness in the article that people have to have strong passwords for 30-50 accounts. That each strong password has to be unique. That each strong unique password has to be changed every 6 months. Sure you can argue about complexity versus length, but most accounts do not allow for long passwords. I have one that is actually still limited to 6 characters (!!!!). As for complexity, people have to deal with one login that requires special characters, and another login that forbids special characters, and yet another that requires special characters but forbids /, %, and @. And so on and so on.

      In other words, these articles are basically telling people to use passwords that they will never remember. And so comes the password managers, which require you to entrust your passwords not to your brain but to some software or thumb drive. If you lose that, you lose all your passwords! And what if you are trying to log in on a computer that does not have your password manager loaded on it?

      Stop the insanity and stop articles like this. Until you figure out a better solution than passwords, open up your system and let people choose whatever password they want. Otherwise, they’ll use 12345 or – and I’ve seen quite a few security specialists actually recommend this now – they’ll write it on a post-it and stick it to their computer screen!

    • Carol Quint | February 21, 2018 at 4:14 pm

      As an older person, I have a simple solution to passwords that can never be hacked or stolen. It’s called a Rolodex file system, which not only has the names of businesses I deal with, but also has phone numbers, and PASSWORDS. Yes, I hand-write each card (in pencil, in case I need to change a password, which some sites require after a few months). But everything is perfectly safe, unless you are working in an office where someone might steal your file, and then you’re in the wrong office. It is easily moved from work to home, and back again.

    • Lisap | February 22, 2018 at 12:21 pm

      The basic idea of the article is good advice, but the suggestions of what to use do not always work. Every site or program has different requirements, so just because some of those fancy passwords will work on one site, does not mean it will work on another. One may require you to have so many numbers and so many special characters, where another site may not allow the use of special characters.

      Example: my1stc@r=honda90 may work on one site, but next site says no special characters so now my1stcarhonda90, then the next site says must have a capital letter, so My1stcarhonda90, so this may be a good suggestion, but see the combinations for sites continues to change.

      Some sites/programs require you to change every so often, (3 months, 6 months, 12 months) and do not allow you to reuse a password again.

      A good idea is keep work passwords different than personal passwords.

    • JM | February 25, 2018 at 1:17 am

      I agree some of this info is dreary!
      What do I do with passwords? First of all, I don’t trust those online password manager programs. NOTHING is secure online!! So I created a Word document and saved it to my desktop. Most of the passwords are not connected to my business. I’m a sole proprietor with no employees and no customers. My passwords are for online businesses I use. Yes, I use my dog’s name in some passwords, but the name is from another language, so although it uses regular letters, the odd spelling will probably deter hackers. At one point I had 3 cats and 2 dogs. I created passwords using 1 or 2 letters of each pet’s name and added a number. Security checks always indicated they were strong.
      I strongly recommend NEVER save passwords online. One day a hacker will break their security wall, and you’ll lose EVERYTHING!

    • Bob | February 26, 2018 at 12:38 pm

      I agree with the concept of the phrase. It is much easier to remember, at least for me. A friend showed me his system and he never has to write them down. His system is: This is myHartford21pw!

      This turns into TimHartford21pw!

      The Tim is: this is my, Hartford is the company you are signing into, 21 is a random number you choose and always use, pw stands for password and he always uses an !

      Not perfect, but pretty good and he doesn’t write them down anywhere.

    • ASB | May 22, 2018 at 8:08 pm

      The key points to password management in the 21st century (or, at least, this part of the century) are the following:

      – Use a password manager
      – Don’t reuse passwords across multiple sites
      – Definitely don’t reuse passwords across sites of different trust levels (your online banking & some social media account)
      – Since you’re using a password manager anyway, consider random passwords
      – Keep your passwords safe and backed up

