5 Simple Ways to Strengthen Your Passwords
Editor’s note: This article was originally published in 2019, but has been updated to include new content.
Most business leaders understand the importance of protecting company and customer data. The average cost of a data breach exceeds $4 million (US). Add in the potential damage to your business reputation, and the effects can be devastating.
Businesses can no longer afford to overlook even the simplest ways to protect information.
Something as simple as access to login credentials could provide a pathway for nefarious actors to access your IT infrastructure. This can put your organization at increased risk of ransomware or another type of data breach.
The good news is that an easy and effective way to improve cybersecurity is to follow best practices for your passwords. Brute-force attacks are increasing every year, so it’s important to implement strong passwords that reflect the latest trends in security.
As a managed IT support provider, we’ve seen first-hand how strong passwords can help mitigate cyber attacks. We’ve also seen the effects of not having strong passwords in place.
This article will highlight 5 simple things you can do today to strengthen passwords within your organization and create another layer of security.
Implement Strong Passwords (5 Simple Ways)
Strong passwords are like the locks on your door or your home alarm system. They won’t guarantee full protection, but they will serve as a strong deterrent. Here are some things to keep in mind:
1. Never Share Passwords
This should go without saying and may seem simplistic, but it bears repeating. Don’t share your passwords. Ever.
It can be tempting to share your password when someone is helping you with an assignment, but it is never a good idea.
It’s like posting a picture on the internet. Once you share it, you lose control of it. It provides an open door for people with bad intentions to access your information and cause damage to your organization (and make it look like you are the culprit).
Would you leave the keys to your house outside? Maybe nobody will notice or use them to gain access to your home, but are you willing to take that chance?
2. Don’t Use Personal Information
With the proliferation of social media, anyone can access personal information that has been posted online. Avoid using your pet’s name, your hometown, the name of your spouse (or children), your college, your favorite sports team, etc.
These details are easy to find on social media and are a hacker’s dream. With little effort, an attacker can exploit that information in a variety of social engineering attacks.
3. Consider Using A Passphrase
Remember when password best practices just included suggestions like "add a number or a special character" to a long word?
Cyber criminals broke that strategy a long time ago and, for a number of reasons, a single-word password with an extra special character or number simply doesn't cut it anymore.
A passphrase is basically just a couple of words or even a whole sentence that you use as your password.
Consider a combination of gibberish words (like a Dr. Seuss phrase) or a combination of other words. Spelling words incorrectly is effective, too, along with adding numbers and special characters.
While longer passwords are harder to crack, complexity is important, too!
Ultimately, the goal is to use passwords that are hard to guess, but easy to remember.
4. Use Unique Passwords For Each Account
According to a Web Tribunal blog article, 50 percent of people use the same passwords for all of their logins and “123456” is the most common password in the world.
And LastPass reports that 92 percent of people know that using the same password or a variation is a risk, but 65 percent still do it anyway.
This means that people are willing to take the risk to make their lives easier. While it’s understandable, it also means you need to understand the real risk profile of your organization.
By ensuring that users use unique passwords for each account – and we don't mean just changing a single number or character – you can minimize the possible damage that could be done in the event that your credentials are exposed in some way.
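Tips 2, 3 and 4 can be enforced as checks at password-change time. The sketch below is an added example, not part of the original article: `review_password`, `COMMON_WORDS` and all sample values are hypothetical and constructed for illustration, and it assumes the previous password is available because the user supplies it when changing to a new one.

```python
import re

# Constructed sample data: a tiny stand-in for a real dictionary wordlist.
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "football"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def review_password(candidate, personal_terms, previous_passwords, max_edits=2):
    """Return a list of findings; an empty list means no rule was tripped."""
    findings = []
    lowered = candidate.lower()
    # Tip 2: personal details that anyone can read on social media.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            findings.append(f"contains personal information: {term}")
    # Tip 3: one dictionary word with digits or symbols bolted on the ends.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in COMMON_WORDS:
        findings.append(f"single common word with decoration: {core}")
    # Tip 4: a variation of a password already in use (a few characters changed).
    for old in previous_passwords:
        if edit_distance(lowered, old.lower()) <= max_edits:
            findings.append("too similar to a password already in use")
            break
    return findings
```

A production check would load a full wordlist and a breached-password list in place of the five-word set used here.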
5. Think About Using A Password Manager
Many organizations have adopted the use of password managers to strike a balance between securely storing passwords and making life easier for users.
Password managers store all other passwords in one place. By entering one strong master password to sign into the password manager, users then have automated access to all of their other passwords.
This helps eliminate the possibility of finding passwords scribbled on sticky notes attached to monitors around your office - which happens more than you’d like to believe and is a big password (and security) no-no.
Just remember to establish a strong master password to protect that password manager or all that effort and security will be wasted.
What Else Can You Do To Enhance The Security Of Your IT?
After reading this article, you have a better understanding of 5 simple steps you can take today to strengthen the passwords used in your organization.
You know that it’s important to avoid sharing passwords and using personal information. You may be considering the use of passphrases, unique passwords, and password managers. You understand why each of these things is important.
At this point, you may be wondering what else you can do to beef up your IT security. Multi-factor authentication (MFA) is another tool that can help secure accounts, especially when paired with strong passwords.
With MFA, even if someone gets your username and password, they would need an additional code to log in, providing an added layer of security.
Studies have shown that security awareness training for employees (including password best practices) helps educate them about their role in securing your organization. People often say that employees can be your weakest link or serve as an effective human firewall.
Read this article to learn more about some topics every security awareness training should include.
Considering offering employee security awareness training, but wondering how the cost stacks up against the benefit? Read this article: Employee Security Awareness Training: An Honest Cost-Benefit Analysis.
Ready to explore other ways to protect your IT infrastructure? Read this article: What Is Infrastructure Monitoring? How Does It Prevent Cyber Attacks?
Need help figuring out what additional security measures are right for your organization? There are IT support resources that can help.
At Kelser, for example, we offer comprehensive managed IT support that includes cybersecurity as well as device, network, and server monitoring and upgrades.
We know that managed IT isn’t the right solution for everyone, which is why we provide unbiased information in articles like these that business leaders can use to decide which option is best for their business.
To find out more about managed IT, read this article: What Is Managed IT Support? (Essential & Premium Services)