All it takes is one weak password to become the victim of a data breach. While most people realize the importance of strong passwords, many still fall into bad password habits that put their company’s data at risk.
Passwords are one of the most human components of any IT security apparatus, which is why hackers go after credentials so vigorously and sell databases full of usernames and passwords on the Dark Web.
80% of hacking-related data breaches are the result of weak or compromised passwords. (LastPass)
With password compromise being the main cause of hacking-related breaches, it stands to reason that securing your logins through password best practices can significantly reduce your company’s risk of having a data breach, along with other measures like managed IT security.
Let’s take a look at typical password bad habits and then go through password management tips that can help you correct them and safeguard your network and data.
What Bad Password Habits Should We Avoid?
Passwords are a part of life, and we use them multiple times per day. That familiarity, combined with the need to get where we're going online quickly, can breed some bad habits.
These can include:
- Using weak passwords
- Sharing passwords with others
- Writing passwords down near the device they’re used with
- Reusing the same password for multiple logins
- Never changing passwords
In Ponemon’s “The 2019 State of Password and Authentication Behaviors Report” several insights were gained into how we can better manage passwords. Some of the password bad habit statistics noted in the report were:
- 69% of employees admit sharing their passwords with others at work
- 51% of people say they reuse the same passwords across personal and business logins
- 57% of people say colleagues aren’t careful to avoid phishing scams
- Only 18% of respondents say their companies require use of a password manager
- For companies not using password managers, human memory was the number one way that organizations managed passwords
Tips to Help You Adopt Password Best Practices
Adopting and enforcing password best practices at your company will help you correct those bad habits and increase your overall data security by leaps and bounds. Here are our top tips to help you lock down logins and secure your technology infrastructure.
Require Strong, Unique Passwords
While most of us know that our passwords should be strong and include a combination of letters, numbers, symbols and both upper and lower-case letters, we still tend to make our passwords too weak so we can remember them.
It's not enough to just tell employees to use strong passwords and not reuse them for multiple logins; it's important to employ tools that force a strong password at creation. For example, in Office 365's administration area you can set password complexity requirements, so you're not relying on someone choosing to make a strong password: they can't create one unless it meets the policy.
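To show what "forcing a strong password at creation" looks like in code, here is an added example (not from the original article and not the logic of Office 365 or any named product) of a server-side check that an application could run before accepting a new password. The length minimum, the character-class rule, the small deny list of common passwords and the PBKDF2 iteration count are all constructed illustrations; a real deployment would take them from its own password standard and use a full breached-password list.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

# Constructed policy values for illustration only.
MIN_LENGTH = 12
PBKDF2_ITERATIONS = 600_000
# Constructed, deliberately tiny deny list; production systems check a large
# breached-password corpus instead.
COMMON_PASSWORDS = {"password", "password1", "welcome1", "letmein", "qwerty123"}


def check_password_policy(password: str, username: str = "") -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes_present = sum(
        1 for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
        if re.search(pattern, password)
    )
    if classes_present < 3:
        problems.append("uses fewer than three character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password deny list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow hash so stored history entries are not trivially reversible."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def reuses_old_password(password: str, history: List[Tuple[bytes, bytes]]) -> bool:
    """True if the candidate matches any (salt, digest) pair in the user's password history."""
    for salt, old_digest in history:
        _, candidate = hash_password(password, salt)
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(candidate, old_digest):
            return True
    return False


def validate_new_password(password: str, username: str,
                          history: List[Tuple[bytes, bytes]]) -> List[str]:
    """Combined check used at password-change time: complexity rules plus reuse."""
    problems = check_password_policy(password, username)
    if reuses_old_password(password, history):
        problems.append("matches a previously used password")
    return problems


if __name__ == "__main__":
    # Constructed history: one prior password for the hypothetical user "alice".
    old_history = [hash_password("Tr0ub4dor&3-xyz")]
    for candidate in ("password1", "Alice-Secret-2024!", "Tr0ub4dor&3-xyz", "Different-Pass-99!"):
        print(candidate, "->", validate_new_password(candidate, "alice", old_history) or "accepted")
```

The reuse check works by re-hashing the candidate with each historical salt, so the history store only ever holds salted PBKDF2 digests, never plaintext; keep the history short (a handful of entries) because every entry costs one slow hash at change time.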
Use Multi-Factor Authentication
Multi-factor authentication (MFA), also known as two-factor authentication (2FA), is one of the best ways to protect an account even when its password is weak. MFA is available in just about any type of cloud solution, and what it does is require a second (or further) authentication method before the login is completed.
The most common setup is to register your mobile phone so that a time-sensitive PIN is sent by text when you enter your login credentials; that PIN must then be entered to complete the login. This means that if a password has been compromised, the hacker still can't get in without also having your smartphone to receive the code.
Add Extra Protections to Accounts of Privileged Users
Certain employees require access to more sensitive information due to their position. For example, your human resources team will have access to personnel records that can include SSNs and other sensitive data, and your accounting department will have access to bank account details.
It's smart to give the logins that reach particularly sensitive information additional protections that secure those credentials even further. For example, you may give these users a different login URL from other users and allow only one or two failed login attempts before the account is locked.
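As an added illustration of the lockout rule just described (this is example code, not from the original article or any product), the following login gate applies a stricter failure threshold to privileged accounts than to standard ones and records each decision for the security team. The policy values, the user names and the plain SHA-256 credential check are constructed stand-ins; a real system would verify against salted, slow hashes and feed the audit entries into its SIEM.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class LockoutPolicy:
    max_failures: int      # failed attempts allowed before the account locks
    lockout_seconds: int   # how long the lock lasts


# Constructed policies: privileged roles lock after two failures, as the article suggests.
STANDARD = LockoutPolicy(max_failures=5, lockout_seconds=15 * 60)
PRIVILEGED = LockoutPolicy(max_failures=2, lockout_seconds=60 * 60)


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0


class LoginGate:
    def __init__(self, check_credentials: Callable[[str, str], bool],
                 policies: Dict[str, LockoutPolicy]):
        self._check = check_credentials
        self._policies = policies          # username -> policy; unknown users get STANDARD
        self._state: Dict[str, AccountState] = {}
        self.audit_log: List[str] = []     # what a detection pipeline would ingest

    def attempt(self, username: str, password: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'denied' or 'locked'. A locked account rejects even the right password."""
        now = time.time() if now is None else now
        policy = self._policies.get(username, STANDARD)
        state = self._state.setdefault(username, AccountState())
        if now < state.locked_until:
            self.audit_log.append(f"{username}: attempt while locked")
            return "locked"
        if self._check(username, password):
            state.failures = 0
            self.audit_log.append(f"{username}: login success")
            return "ok"
        state.failures += 1
        if state.failures >= policy.max_failures:
            state.locked_until = now + policy.lockout_seconds
            state.failures = 0
            self.audit_log.append(f"{username}: LOCKED after {policy.max_failures} failures")
            return "locked"
        self.audit_log.append(f"{username}: failure {state.failures}/{policy.max_failures}")
        return "denied"


# Constructed demo users; SHA-256 here is only a stand-in for a proper password hash.
DEMO_PASSWORDS = {"hr_admin": "Hr-Demo-Passw0rd!", "jsmith": "Staff-Demo-Pass-42"}
DEMO_USERS = {u: hashlib.sha256(p.encode()).hexdigest() for u, p in DEMO_PASSWORDS.items()}


def demo_credential_check(username: str, password: str) -> bool:
    stored = DEMO_USERS.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(hashlib.sha256(password.encode()).hexdigest(), stored)


def build_demo_gate() -> LoginGate:
    return LoginGate(demo_credential_check, {"hr_admin": PRIVILEGED, "jsmith": STANDARD})


if __name__ == "__main__":
    gate = build_demo_gate()
    for pw, t in (("wrong", 1000), ("wrong", 1001), (DEMO_PASSWORDS["hr_admin"], 1002),
                  (DEMO_PASSWORDS["hr_admin"], 1002 + 3600)):
        print(t, gate.attempt("hr_admin", pw, now=t))
    print("\n".join(gate.audit_log))
```

A low threshold on privileged accounts also means an attacker who merely knows the username can lock the HR or finance team out by sending two wrong guesses, so the lock events should page someone and the policy usually pairs with the separate login URL mentioned above and with MFA rather than standing alone.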
Employing Password Managers
Two more telling statistics from the Ponemon report were that while 66% of respondents agreed protecting passwords was important, 51% of them said it was too difficult to manage passwords. That makes sense when you’re asking people to remember a different strong password for each of their logins, which can include multiple sites and applications.
A password manager solves this dilemma by requiring only a single password to access all the others. Password managers, like LastPass, 1Password, and Dashlane, offer multiple advantages, such as:
- Store all your passwords in an encrypted password vault
- Require only one master password to access all the others
- Autofill credentials into login forms
- Generate strong passwords for new sign-ups
- Can be secured with MFA
- Let administrators manage passwords across their organization
- Reduce time spent on “forgot password” scenarios
What Are Your IT Security Weak Spots?
Poor password security is one of many weak spots a company may have when it comes to protecting its network against a devastating data breach.