Did you know that May 1st is World Password Day? This lesser-known holiday serves as the perfect reminder to evaluate your business’s password practices and ensure your accounts are secure. With so many new cyber attacks emerging at increasingly close intervals, you can’t afford to go without this careful evaluation and basic safety measures, like proper password hygiene.
In honor of the day, we’re doing our part to improve password security by reviewing 5 of the most common mistakes people make with their passwords—and how, with the help of managed cybersecurity services, you can avoid them in your business.
5 Common Password Mistakes
Don’t fall into the trap of these all-too-common password mistakes that will leave your business at a higher risk for breaches and attacks.
1. Using Weak or Common Passwords
Some of the most common passwords are sequential strings of numbers (such as a run of consecutive digits), “password”, and “admin”. While these may be easy to remember, they do very little to protect your accounts. Cybercriminals exploit weak passwords like these with brute-force attacks, in which automated tools systematically try password combinations until they gain unauthorized access.
Here are some tips for creating strong passwords:
- Use a combination of capital and lowercase letters, numbers, and symbols.
- Be as random as possible. Don’t include personal information or common words like “admin”, “user”, or “password”.
- Shoot for longer rather than shorter—CISA suggests 16 characters minimum.
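The tips above can be turned into an automated policy check. The following is an added example written for this article, not a tool from ICS or CISA; the minimum length (16) and the blocked words come from the text, while the personal-information list and the sequential-run length are assumptions you would tune for your own policy.

```python
import re

# Words the article calls out as too common to use (extend for your own policy).
COMMON_WORDS = ("password", "admin", "user")
MIN_LENGTH = 16  # CISA's suggested minimum, as cited in the article


def has_sequential_run(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` or more consecutive ascending characters (e.g. 1234, abcd).
    The run length of 4 is an assumed threshold, not something the article specifies."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if all(ord(chunk[j + 1]) - ord(chunk[j]) == 1 for j in range(run - 1)):
            return True
    return False


def password_issues(pw: str, personal_info: tuple[str, ...] = ()) -> list[str]:
    """Return the list of policy violations for pw; an empty list means it passes.
    personal_info holds strings (name, company, birth year, ...) that must not appear."""
    issues = []
    lower = pw.lower()
    if len(pw) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", pw):
        issues.append("no uppercase letter")
    if not re.search(r"[a-z]", pw):
        issues.append("no lowercase letter")
    if not re.search(r"\d", pw):
        issues.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        issues.append("no symbol")
    for word in COMMON_WORDS:
        if word in lower:
            issues.append(f"contains common word '{word}'")
    for info in personal_info:
        if info and info.lower() in lower:
            issues.append(f"contains personal information '{info}'")
    if has_sequential_run(pw):
        issues.append("contains a run of sequential characters")
    return issues
```

Run it against a candidate password at account-creation time and reject anything that returns a non-empty list.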
2. Reusing Passwords Across Multiple Accounts
Reusing passwords across multiple accounts poses a significant security risk because if one account is breached, attackers immediately have access to all of your other accounts. This hacking technique, known as credential stuffing, can make a single weak point snowball into multiple breaches, leading to potential identity theft, financial loss, or exposure of sensitive data.
To mitigate this risk, use a unique password for every account. A reliable password manager can help your team create and keep track of all of your different login information so you don’t have to remember them all on your own. Talk to your managed cybersecurity services provider for advice on which program would be best for your business.
3. Ignoring Multi-Factor Authentication (MFA)
MFA is one of the simplest and most powerful ways to add an extra layer of security to your business accounts. Yes, it may take longer to log in and feel a little inconvenient at first, but your team will soon get into the rhythm of using MFA, and it’s well worth the extra time. It’s estimated that enabling MFA stops up to 99% of automated attacks on accounts.
You’ll be required to enter a code sent to your phone or email, scan your fingerprint, plug in some sort of token, or otherwise verify your identity when you log in, making your accounts extra secure. If you need additional help with MFA, contact a managed cybersecurity services provider for support.
4. Storing Passwords in Unsafe Places
It can be tempting (and convenient) to write passwords on sticky notes or have a master Google Doc of all your login information. However, these storage areas are incredibly insecure and very easy for others to access. Similarly, browsers’ built-in password storage can be risky, as they are often less secure and may be accessible to anyone with access to the device.
A safer alternative is to set up password manager accounts for all employees. Password managers can generate strong, unique credentials for different accounts, securely encrypting and storing each one. This reduces the likelihood of breaches and makes it easy for team members to keep track of their passwords.
5. Not Updating Passwords Regularly
Using outdated passwords significantly increases the risk of breaches, as they are more likely to have been exposed in past data leaks or may be vulnerable to brute-force attacks. Passwords should generally be updated every 3–6 months, depending on the sensitivity of the account. Consider establishing a password update policy and sending out reminders to help everyone stay secure.
Employees should also change their password any time they have had to share it with another employee, they notice unusual activity on their account, or a breach has been detected. Many managed cybersecurity services include password monitoring tools that provide real-time alerts for this kind of activity and let you know when credentials have been compromised.
How Can I Improve My Password Security?
The best way to strengthen your business’s password security is to do the opposite of all of these mistakes: make unique, strong passwords for every account; enable MFA on all platforms; create and store credentials in a password manager; and update passwords often.
Creating a clear, detailed policy outlining all of these best practices can be a helpful way to let employees know exactly what they need to do to keep their accounts secure. Regular training meetings or info sessions can also keep them up-to-date on password policies and create a web of accountability for following best practices.
Your managed cybersecurity services provider can help you work out these policies, conduct training, and determine the best way to include password safety in your business.
Take Security to the Next Level with ICS
Proper password hygiene can serve as the perfect foundation for building the tight cybersecurity infrastructure you need to stay safe. From employee training to password manager support and more, ICS is here to help you build that foundation.
And when you’re ready to keep building, we’ll be there with our full suite of managed cybersecurity services and a strong commitment to your safety and success. Just give us a call to get started.