Cyber Awareness 101: Lessons in Password Security
Here’s a riddle for you: One of your company's biggest security threats is only about 3" wide and 3" tall and has a small strip of adhesive on the back. What is it?
Have you figured it out yet?
It’s the sticky note that one of your employees has scrawled their password on and stuck in their wallet.
The infamous “password post-it” and other poor password security practices are hardly uncommon. In a study published in 2023, Keeper Security discovered that 75% of the internet users they polled across the US, UK, France, and Germany did not adhere to password best practices. Poor password practice doesn't happen only at home—each year, hundreds of businesses become the victims of cybercrime due to an employee's failure to maintain proper password security.
This month, we’ll examine some password security best practices that you can implement in the workplace and in your personal life to help keep your company's and your family's private information private.
Password Security Tip #1: Never Share Passwords
This one should be a no-brainer, but it’s one of the most violated rules of password security. Sharing passwords is never a good idea. Even your IT team shouldn’t ever need to ask you for a password; that information should be yours and yours alone. There are a few reasons never to share a password, even with a trusted friend or colleague:
- If you share your password in an email or written note, it can be intercepted and used by a bad actor.
- If your “trusted friend” turns out not to be so trustworthy, you could be held responsible for their unscrupulous actions.
- Other people's secrets are less important than our own. When you entrust your password to someone, you're also entrusting it to anyone else they might tell.
Password Security Tip #2: Never Reuse Passwords
Cybersecurity becomes a lot more critical when you realize this fact: statistically speaking, you will be the victim of a data breach. It is a near certainty that, no matter how careful you are, one or more of your passwords will be compromised at some point in the future. What happens after that breach is somewhat up to you.
By using a different password for each of your online platforms and accounts, the damage from a compromised password is limited to a single platform only. When you join the vast majority of internet users in reusing one password for multiple platforms, you’re inviting any single data breach to open the door to your entire digital life.
There's a surprising statistic behind this tip. When it comes to reusing passwords, Baby Boomers do a better job than Gen Z—29% of Boomers use unique passwords for each account, while only 20% of Gen Z users take the same precaution.
Password Security Tip #3: Use Good Passwords
There are a few different schools of thought as to what constitutes a “good” password, but there are some general rules of thumb that can be applied in most situations:
Longer Is Better Than More Complex
The strength of a given password has far more to do with its length than how many different types of characters it contains or how random the password “looks.” Passwords of 16 or more characters are preferable whenever possible.
Passwords Should Be Easy to Remember, Hard to Hack
For a bad actor using modern password-cracking tools, it takes almost exactly as long to break #g8Fb) as it does to break 123456. But cracking capital-sticky-emotion-tango takes exponentially more time and effort than either one. Between #g8Fb) and capital-sticky-emotion-tango, which are you more likely to remember?
Long strings of unrelated words (sometimes called passphrases) are both more secure and easier to remember than random agglomerations of characters.
Don’t! Use! Your! Birthday!
There is still a disturbingly large chunk of the population that uses their birthdate, street address, mother’s maiden name, or other personal information as a password. That’s an engraved invitation for any bad actor with access to Facebook to do a tiny bit of research and guess their way directly into your valuable data.
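The rules in this tip (prefer length, reach 16 characters, keep personal details out) can be checked mechanically. The Python below is an added example, not part of the original article: it estimates the work of an exhaustive search over the 95 printable ASCII characters and flags passwords built from profile data. The function names and the sample profile are constructed for illustration.

```python
import math
import re
from datetime import date

MIN_LENGTH = 16        # the article's recommended minimum
PRINTABLE_ASCII = 95   # letters, digits, symbols and space

def exhaustive_bits(length, alphabet=PRINTABLE_ASCII):
    """log2 of the guesses needed to try every string of `length` characters
    over `alphabet` symbols. Assumption: pure exhaustive search; an attacker
    who guesses whole words needs fewer guesses for a passphrase."""
    return length * math.log2(alphabet)

def personal_tokens(birthdate, *facts):
    """Strings that can be derived from public profile data."""
    tokens = {birthdate.strftime(fmt) for fmt in
              ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%d%m%y", "%Y")}
    for fact in facts:
        tokens.update(w.lower() for w in re.findall(r"[A-Za-z]{3,}|\d{3,}", fact))
    return tokens

def review_password(password, birthdate, *facts):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"too short: {len(password)} < {MIN_LENGTH} characters")
    # Drop separators and case so "07/04/1984" and "Hartwell" still match.
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    for token in sorted(personal_tokens(birthdate, *facts)):
        if token in squashed:
            findings.append(f"contains personal detail: {token}")
    return findings

if __name__ == "__main__":
    # Constructed sample profile, not real data.
    profile = (date(1984, 7, 4), "221 Maple Street", "Hartwell")
    for pw in ("#g8Fb)", "123456", "capital-sticky-emotion-tango", "Hartwell-07/04/1984!"):
        print(f"{pw!r}: {exhaustive_bits(len(pw)):.0f} bits",
              review_password(pw, *profile) or "ok")
```

Under this model, doubling the length from 8 to 16 characters adds more search work than widening the alphabet from lowercase letters to every printable character.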
Password Security Tip #4: Use Multifactor Authentication
You may have been prompted to set up multifactor authentication (MFA) on some of your favorite websites or apps. You may even have been required to use MFA on some platforms. If you've ever entered your password and then been sent a text with a unique code to type in before you access any data, you’ve used MFA.
MFA is one of the absolute best ways to ensure password security. With most MFA schemes, a user must not only provide the correct password but also have access to a specific computer, phone number, or other device in order to log into an account. If a malicious user gets access to your password, it will do them no good unless they can also, for instance, steal and unlock your cell phone.
Password Security Tip #5: Manage Your Passwords
The main reason people fail to adhere to Tips #2 and #3 is simple: people today have dozens, if not hundreds, of different accounts to manage online. Take a minute to start jotting down all of the different digital accounts you access on a daily basis:
- Personal email
- Work email
- Business platforms
- Social media accounts
- Shopping websites
- Streaming services
It will take you only a little while to reach double digits. Remembering that many strong passwords is a chore. It's much easier to pick one or two short, easy-to-remember passwords and use them for everything.
Using a password manager is an easy way to keep track of multiple strong passwords without having to remember them all. Instead, each of your accounts' passwords is stored in a digital "vault," itself protected by a single master password. Once all of your accounts are loaded into the vault, you only have to remember your master password, and your password manager will automatically insert the correct password on all of your login screens.
There are several exceptional password managers available for personal and business users, each providing enhanced security for users with multiple accounts.
Need to Improve Your Company’s Cyber Awareness? Schedule a Call, and Let Us Protect Your Data AND Your Business.
With cybersecurity services from Nocwing, you can rest assured that your company’s data is protected by a robust, next-generation stack of defenses, including human-monitored threat detection. Our team also understands password security and can implement a company-wide password manager to help ensure that your team’s passwords don’t fall into the wrong hands.
Nocwing is a full-service managed IT services company based in Griffin, Georgia, providing robust cybersecurity, IT management, business continuity/disaster recovery, user support, and VoIP solutions for companies throughout the Southeastern United States.