When it comes to cybersecurity, getting back to basics is just as important as buying the latest and greatest technology.
One of the most foundational basics is password security. In 2017, the Verizon Data Breach Report attributed 81% of data breaches to weak, compromised, or re-used passwords. We haven’t gotten much better since: 80% of breaches in 2019 were attributed to the same cause. These statistics place bad passwords among the top causes of data breaches.
Putting strong passwords in place, as well as additional tools like password managers and multi-factor authentication, can go a long way to improving these statistics for your organization or home. For an organization, this means educating employees on best practices and encouraging them to enhance the strength of all the passwords they use.
That’s especially important, as a data breach now costs an organization an average of $3.92 million, up 1.5% year over year. That’s a high cost for any organization. A small business might not be able to weather the high financial losses or the reputational hit as well as a larger enterprise.
There are some steps you can take to encourage secure password practices as an organization.
Utilize Strong Password and Passphrase Best Practices
Believe it or not, the most common passwords are still “123456,” “qwerty,” and “password.” Many people rely on these passwords because they’re quick to create and easy to remember. Choosing a strong password doesn’t have to be hard.
Some general guidelines include the following:
- Use a combination of numbers, letters, and symbols
- The longer, the better — try to have at least 8-12 characters in each password and passphrase
- Try to stay away from common words that can be found in the dictionary; instead, mix letters, numbers, and symbols in a way that is easy to remember. For instance, “secur1ty” is generally considered more secure than “security1.”
Take time to educate all employees on these practices. Set up a lunch-and-learn for existing employees or incorporate it into new hire training. Then, encourage them to put these practices to use, both across their corporate accounts and their accounts at home.
Don’t Rinse and Repeat
Just because you’ve created a secure password doesn’t mean you should use it everywhere. Use a unique password for every account you have, especially for banking, email, and other more sensitive accounts.
Using a secure password manager can make it a lot easier to keep track of unique passwords for each account. Some password managers even help with the creation of strong passwords, which can alleviate the worry of having to create one yourself. Companies can encourage users to seek out an encrypted password manager they prefer on their own, or even provide them a corporate option to use. Either option helps encourage users to follow security best practices.
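The guidelines above and the no-reuse rule can be checked mechanically. The following is an added example, not part of the original article: the function names, the small `DICTIONARY` set, the 12-character minimum, and the sample accounts are all assumptions made for illustration.

```python
import string

# The three passwords the article names as most common.
COMMON = {"123456", "qwerty", "password"}
# Constructed stand-in for a real dictionary word list (assumption).
DICTIONARY = {"security", "welcome", "dragon", "summer"}
MIN_LENGTH = 12  # assumption: upper end of the article's 8-12 guideline

def check_password(pw):
    """Return the guideline violations for one password (empty list = passes)."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("common password")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "letter": any(c.isalpha() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))
    # Strip digits and symbols from both ends to catch "security1"-style padding.
    core = pw.strip(string.digits + string.punctuation).lower()
    if core in DICTIONARY:
        problems.append("dictionary word with padding")
    return problems

def find_reuse(accounts):
    """Return groups of account names that share a password, without echoing it."""
    by_password = {}
    for account, pw in accounts.items():
        by_password.setdefault(pw, []).append(account)
    return sorted(sorted(names) for names in by_password.values() if len(names) > 1)

# Constructed sample data: account name -> password.
SAMPLE_ACCOUNTS = {
    "bank": "security1",
    "email": "security1",
    "forum": "qwerty",
    "vpn": "T7#mq!zR2v@Lx9",
}

if __name__ == "__main__":
    for account, pw in SAMPLE_ACCOUNTS.items():
        print(account, check_password(pw) or "ok")
    print("reused across:", find_reuse(SAMPLE_ACCOUNTS))
```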
Implement Two-Factor Authentication
Two-factor authentication takes password protection to a new level, which is why it is quickly becoming a standard across secure organizations. With two-factor authentication, users have to not only enter the correct password when they log in, but also confirm their identity through another means, like a mobile device or USB token. This process prevents hackers from gaining access to personal or corporate systems just by guessing or brute-forcing a password.
When you’re creating passwords for your accounts, always follow best practices, never repeat passwords, and implement two-factor authentication whenever possible.