According to a SecureAuth survey, which was conducted at the beginning of 2020, 53% of participants used similar or identical passwords for more than 5 of their accounts. We have heard multiple times that our passwords should be unique and strong. This brings us to the question: if passwords are such a vital part of proper cybersecurity, why are most people so slow at adopting basic password hygiene?
Proper password hygiene is an important security technique that different businesses should take advantage of when it comes to protecting themselves and their employees from different possible cyberattacks or data leaks This article will explain exactly what password hygiene is and why it’s so important at the digital workplace.
What Does “proper password hygiene” Mean?
Proper password hygiene refers to making sure all passwords are unique, difficult, nearly impossible to guess, and tough to crack. Simply put, it is a collection of different rules and practices. When followed correctly, they might be able to help you keep business data safe from hackers.
The simplest ways to maintain proper password hygiene include setting difficult/long passwords, creating unique passwords for each account and, of course, not sharing passwords with outsiders.
What Are The Biggest Threats To Password Security?
There are several different ways a non-authorized person can get access to business passwords. Here are the most typical methods for passwords to be discovered by persons other than their owners:
Guessing
As ridiculous as it sounds, if your password is way too obvious, something like “password”, “12345678” or even your name, intruders might be able to guess it immediately.
Furthermore, if your password is related to you on a personal level, somebody who knows you might be able to guess it. According to different studies conducted in the United States, many US citizens have included either their name or birthday into their passwords.
Phishing Links
The most common technique to figure out somebody’s password is to make them tell you “voluntarily“. This can happen by convincing somebody to enter it into a fake website, often referred to as phishing. This approach has a significant advantage for hackers since it doesn’t matter how complex your password is. If you type your passwords, the deal is sealed. That’s why all users are often reminded to NOT open suspicious links.
Brute Force
A brute force attack happens when hackers use software to create thousands of potential passwords and attempt each of them. The most basic method is to just try to log in with each generated password: the resultant flood of password failures should be obvious for a system administrator to detect, but as hackers continue to utilize this strategy, it appears to be relatively successful.
Password Recovery Programs
A hacker may not need to get your password directly from you if they can persuade the authentication system to either send it to them or change it to something they prefer. This is a common tactic with online security systems that rely on the so-called “secret personal questions”. These questions can be “What is your favorite singer/book/author etc.” Remember, if you make such information public, intruders can easily get access to it.
Breach Of Data
If an online platform suffers a data breach, your personal information may be exposed on the internet. If you discover that your data has been affected as a result of a security breach, you should change your passwords right away. It is crucial to highlight that if you use the same password on many websites, fraudsters may exploit it to access other accounts.
How To Improve Password Hygiene?
After identifying the most likely dangers to passwords, organizations and their employees should adopt suitable behaviors and technology to mitigate those risks. The following measures will help keep passwords in check and minimize the potential harm that occurs when they are lost.
1. Use Strong Passwords
While we’ve been told for a decade that we need strong and long passwords made up of letters, digits, and symbols, people still fail to do so. To be safe, you might want to use unique 12-14-character passwords for each account. Remember, the longer the password, the harder it’ll be for hackers to guess it.
2. Use A Password Manager
A password manager is security software that can assist you in creating strong passwords and then store them in an encrypted safe place. Of course, you still need a password for the manager, but that will be the only password that you and your employees will need to remember. Ultimately, this software should help keep all business accounts secured with unique passwords.
3. 2FA (Two-factor authentication)
Two-factor authentication necessitates an additional step before the user may access their account. To guarantee that only the authorized users can log into the account, the person is usually sent a one-time verification code through either email or text message.
Most platforms allow users to disable 2FA for convenience. However, disabling 2FA only makes your accounts more exposed to intruders.
4. Avoid Using The Same Password
While it can be convenient to use the same password for several accounts, it makes it a piece of cake for hackers to crack your personal data. Do not make this mistake. Even if you consider your password to be strong and “unbreakable”, you should still develop separate passwords for each of your accounts.
5. Use Different Emails For Your Work Life And Personal Life
It is critical not to use the same email address for work and personal matters. For instance, if a work email is used for purposes like online shopping, employees are more likely to fall for a phishing scheme related to shopping. If they don’t use their work email for such purposes, they’ll probably be more suspicious of such emails.
Conclusion
Maintaining proper password hygiene will protect your business from being an easy target for dangerous hacker attacks. Admittedly, the harder it is to breach your information, the more likely an intruder will move on to their next victim.