Information Security | Awareness
When “Louvre” is a password and “123456” remains a classic – why convenience still beats security
In October 2025, a spectacular break-in at the Louvre in Paris made headlines around the world. Jewels worth over 100 million US dollars disappeared, and the perpetrators apparently did not need any highly sophisticated hacking skills. The video surveillance system was protected by easy-to-guess login credentials, including, of all things, the password “Louvre”. What is astonishing is less the break-in itself than the fact that, despite years of warnings, countless cyberattacks and growing security awareness, probably the most famous museum in the world opted for one of the most obvious passwords.
A name is NEVER a password!
What sounds like an isolated incident is harsh reality in everyday digital life. Both private individuals and organisations repeatedly choose passwords that are easy to guess and often even publicly known or intuitively obvious. These exact combinations are at the very top of the list of first attempts in attacks.
The core problem: millions still use the same weak passwords
The password management company NordPass publishes an annual list of the most common passwords worldwide, based on data from real data breaches. The results are sobering: even in 2025, simple numerical combinations and standard words still top the list of the most popular passwords.
The top passwords you should absolutely avoid
According to NordPass and other password analyses, the most commonly used passwords include: 123456, admin, 12345678, password and qwerty123 and that is only the tip of the iceberg! These passwords are so simple that they can be guessed by automated tools in seconds or even less, without any active hacking skills.
Why we still use weak passwords
Why do millions of people still use passwords that are absurdly simple? One reason is that we have more and more accounts and have to remember hundreds of passwords. This password fatigue effect leads many to choose the most convenient, universal option rather than the most secure one. This convenience endangers not only individual user accounts but the security of digital systems in general.
Cybersecurity is responsibility – digital and physical
A single weak password can render even highly advanced security concepts ineffective, even when modern firewalls, encryption and surveillance systems are in use. The Louvre case clearly shows that physical protection measures and digital access controls are inextricably linked. If a password is too simple, the gate is practically wide open for attackers.
Best practices: how to protect your passwords properly
To avoid obvious security gaps, there are a few basic rules that anyone can implement immediately, regardless of industry or technical setup:
- Use complex and unique passwords
A secure password should be at least 10 characters long and contain a combination of upper- and lower-case letters, numbers and special characters. - Check and change passwords regularly
Passwords should not remain unchanged for long periods. At the latest after a security incident or data breach, an immediate change is essential. Regular updates significantly reduce the risk that compromised credentials will continue to be used unnoticed. - Sustainable security is built on knowledge – not just rules
As important as technical password rules are, sustainable cybersecurity starts with people. Phishing, social engineering or unsafe habits can only be avoided if employees understand how attacks work and what matters in everyday practice. That is why regular staff training is a central component of effective cybersecurity.
This is exactly where our cybersecurity courses come in. In addition to advanced rules on password protection in our Basic Training Cybersecurity, we also offer targeted training on Phishing, Social Engineering and Deepfakes. We provide practical knowledge about real threats, typical attack methods and secure behaviour in everyday working life.
Strong passwords are no longer a nice-to-have, but a necessity in a digital world.