Cloud Solutions,

An eulogy for Password123: You served us. You failed us. You will be missed.

NorthStack Digital
World Password Day 5 min read
An Eulogy for password123

We are gathered here today to say goodbye to a legend.

Not a good legend. Not a safe legend. But a legend nonetheless.

Password123 — or, as some knew you, password!, P@ssword1, or the season-and-year variation taped to an office monitor — you were the little credential that could. You were easy to remember. You were easy to type. You asked almost nothing of us.

You were also, and we say this with love, catastrophically bad at the one job you were given.

“Password123 was never the whole problem. It was the symptom of security being treated as something to get past.”

A life lived in plain text

You were born from a simple human truth: nobody wants to invent a secure new credential at 9 a.m. on a Monday when they are just trying to open the invoicing system.

You were there when we signed up for software we barely used. You were there when the password-reset prompt demanded a capital letter, a number and a symbol, and we simply capitalised the first letter and added an exclamation mark. You were there when the Wi-Fi password became the company name followed by the year the business opened.

You asked nothing of us. You judged no one.

And attackers were delighted by your hospitality.

The numbers, since we are here

The NordPass and NordStellar 2025 common-password report, based on aggregated data from public breaches and dark web repositories, placed 123456 at the top of the global list again. It has led the report in six of its seven editions. The word password remains among the usual suspects.

So let us remember a few of the colleagues who shared your particular approach to protection:

The fallen credentials
  • 123456 — less a lock than a welcome mat.
  • qwerty — a keyboard warm-up exercise masquerading as security.
  • password — honest about its purpose, unhelpful in every other way.
  • admin — the default that refused to retire.
  • CompanyName2026! — technically decorated, spiritually unchanged.

You were in good company, Password123. Terrible, terrible company.

The five stages of password grief

Stage 1
Denial

“Nobody is going to target me. I run a small business. I am not interesting.”

Stage 2
Anger

“Why do I need a capital letter, a number and a symbol? It is only a login.”

Stage 3
Bargaining

“What if I add our founding year? That is basically different.”

Stage 4
Depression

The moment a staff member cannot access an account, nobody knows who controls the recovery email, and the person who set it up left two years ago.

Stage 5
Acceptance

Fine. We will use a password manager. We will turn on multifactor authentication. We will stop sharing the same login over email.

What you leave behind

In your wake, Password123, you leave a complicated legacy.

You leave behind sticky notes on monitors. You leave behind spreadsheets called Passwords – Do Not Share that have somehow been shared with the whole team. You leave behind the person in every office who has to walk over and type a password personally because “it is complicated.” It is not complicated. It is just embarrassing.

You also leave behind a real business risk. Email, billing systems, cloud storage, website accounts and social media pages are all places where one compromised login can create expensive confusion very quickly.

The point is not to blame people for choosing memorable passwords. The point is to stop building business access around the hope that everyone will remember a different, excellent password for every system they use.

What should replace you

The funeral is funny. The replacement plan should be practical.

CISA recommends that small and medium-sized businesses require strong passwords, use a password manager and pair passwords with multifactor authentication. Its guidance is refreshingly simple: weak or stolen passwords are one of the easiest ways attackers get into business accounts.

Here is what that looks like in practice:

Use a password managerTools like 1Password, Bitwarden (free) or Dashlane generate and store unique credentials for every account. You remember one master password. It remembers the rest.

Turn on multifactor authenticationStart with your email, cloud storage, billing, banking and website admin. MFA makes a compromised password significantly harder to exploit — even when the password is already known.

Stop using shared loginsWhere individual staff accounts are available, use them. Shared logins mean you cannot revoke one person’s access without disrupting everyone else.

Review access when roles changeWhen someone leaves or changes roles, update their access immediately. Many breaches happen through accounts that were never properly closed.

Start moving toward passkeysWhere available, passkeys and FIDO/WebAuthn authentication eliminate the password entirely. CISA encourages organizations to plan toward phishing-resistant authentication where it is supported.

You do not need to do all of this at once. Start with a password manager and MFA on your email account. Those two changes address the majority of credential-related risk for a small business.

The bottom line

Here is the truth we must speak over your grave, Password123: you were never the whole problem. You were what happened when security was treated as somebody else’s job, or as a task to finish quickly before the real work could begin.

For a small business, a safer setup does not need to mean an elaborate security programme. It can begin with a password manager, MFA on critical accounts, individual access for staff and a clear record of who owns what.

So rest, old friend. The world is slowly moving toward passkeys, stronger authentication and login systems that do not ask one easily guessed word to protect an entire business.

We will always remember you. Particularly on the day somebody suggests using you again.

Ready to turn visits into leads?

NorthStack builds websites, SEO content, cloud systems, and automations that help businesses get found, trusted, and chosen.

Start the conversation
Cloud Security Cloud Solutions Technology Strategy World Password Day
Share

Continue reading

Technology Strategy Technology Assessment: From Chaos to Clarity 5 min read Cloud Solutions, What small business owners need to know about cloud security 9 min read Technology Strategy 7 signs your technology stack is holding your business back 7 min read