When checking into a hotel or dining out, people might assume their personal data is safe. But a new study by NordPass, in collaboration with NordStellar, reveals that many hospitality businesses are guarding their digital systems with shockingly weak passwords.
From hotel reservation platforms to restaurant point-of-sale systems, the research exposes an industry-wide habit of reusing predictable, outdated, or brand-specific passwords. Entries like “Reservations2022,” “Comfortinn4,” and “Ramada@123” were found among the most commonly used, making it alarmingly easy for cybercriminals to gain access to sensitive information.
Guest data unsafe from cybercriminals
“In hotels and restaurants, guests expect great service – not for their personal data to be on the menu. When weak passwords are used to protect booking systems, POS terminals, or staff accounts, it’s an open invitation to cybercriminals,” says Karolis Arbaciauskas, Head of Business Product at NordPass.
Top 20 not-so-secret passwords in hospitality
The following list highlights the most frequent passwords used by hospitality businesses - a stark reminder of the urgent need to improve password hygiene in this critical industry:
1. THINKIN2023
2. 123456
3. Ids@1001
4. reservations2019
5. Reservations2022
6. developer2
7. Ramada@123
8. 12345678
9. abanico12
10. Reservations2021!
11. P@ssw0rd
12. 123456789
13. Comfortinn4
14. V1n1c1u5
15. GrandE@2022@
16. 1234
17. Always4u!
18. Zone@1234
19. reservations2021
20. M@$ter1318
The presence of multiple “reservations” variants and brand-related terms suggests that many businesses still lack clear password hygiene policies.
Securing client data
Despite intensifying cyber risks, many hospitality businesses, especially smaller ones, lack awareness of why and how they should secure clients’ data. NordPass recommends that the hospitality sector take urgent steps to improve its cybersecurity posture:
- Provide regular employee training on cybersecurity. Educating staff on password hygiene and cyber risks helps build a security-aware culture and reduces human error.
- Avoid company names, dates, or role-specific terms in passwords. These are easy for hackers to guess or find through social engineering and should never be used.
- Enable multi-factor authentication (MFA). Adding an extra layer of verification helps protect accounts even if a password is compromised.
- Adopt secure password managers for teams. Password managers simplify the creation and storage of strong passwords, ensuring everyone follows best security practices.
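One way to enforce the second recommendation when a password is set or changed, as an added example that is not NordPass code: the check rejects candidates containing years, keyboard or digit sequences, or brand and role words, including when character substitutions are used. The `CONTEXT_TERMS` deny-list and the `min_length` threshold are assumptions to replace with your own values.

```python
import re

# Assumed, site-specific deny-list: brand, property and role words (hypothetical values).
CONTEXT_TERMS = ("reservations", "ramada", "comfortinn", "developer", "master", "password")
# Common character substitutions undone before matching, so "P@ssw0rd" reads as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "3": "e", "5": "s", "$": "s", "7": "t"})
# A standalone four-digit year such as 2019 or 2022.
YEAR = re.compile(r"(?<!\d)(?:19|20)\d{2}(?!\d)")
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")

def password_findings(password, context_terms=CONTEXT_TERMS, min_length=12):
    """Return the policy findings for a candidate password; an empty list means it passes."""
    findings = []
    lowered = password.lower()
    if len(password) < min_length:  # min_length is an assumed threshold, not from the study
        findings.append("too_short")
    if YEAR.search(password):
        findings.append("contains_year")
    # Any run of four consecutive characters from a known sequence, e.g. "1234".
    if any(seq[i:i + 4] in lowered for seq in SEQUENCES for i in range(len(seq) - 3)):
        findings.append("sequence")
    # Compare letters only, both as typed and with substitutions undone.
    plain = re.sub(r"[^a-z]", "", lowered)
    unleeted = re.sub(r"[^a-z]", "", lowered.translate(LEET))
    for term in context_terms:
        if term in plain or term in unleeted:
            findings.append("context_term:" + term)
    return findings

# Passwords from the list above, plus one constructed passphrase that should pass.
SAMPLES = ["Reservations2022", "Ramada@123", "Comfortinn4", "P@ssw0rd", "plum-harbor-violin-sketch"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        print(candidate, password_findings(candidate) or "ok")
```

A check like this belongs at password creation and reset, alongside MFA and a password manager, not as a replacement for them.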
What is NordPass
NordPass is a password manager for both business and consumer clients. It's powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease of use in mind, NordPass allows users to access passwords securely on desktop, mobile, and browsers.
All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN — the advanced security and privacy app.
