Hackers are after the keys to your kingdom. And too many businesses just like yours are giving them away freely.
Your insecure passwords and login credentials are the easiest way hackers can sneak into your accounts. Nearly one-third of all data breaches involve stolen credentials, and an astounding 80% of hacking-related breaches involve stolen or weak passwords, according to Verizon’s Data Breach Investigations Report.
Unfortunately, your team (and admit it, you’re probably guilty too) is using weak passwords and bad password practices that are putting your business at risk.
Here are our top password etiquette tips for creating secure passwords that will help protect your accounts, personal information, and sensitive business data.
1. Don’t Use Easy-to-Guess Passwords
If you’re using a password like ‘12345’ or ‘qwerty,’ you’re practically inviting hackers in with a neon sign. It only takes cybercriminals a few seconds to crack these simple, common passwords.
While it should be obvious that ‘password’ is not a secure password, people continue to use laughably weak or default passwords, because they’re easy to remember. Avoid using dictionary words, number sequences, or simple patterns as passwords. If you see your password (or a close variation) on this list of 2019’s worst passwords, you need to change it immediately.
2. Don’t Use Personal Information
Avoid using personal information like birthdays, addresses, or names of your kids or pets as your password. Hackers are smart enough to check your social media accounts and look for personal information that you share.
Remember, social media poses a huge security risk for you and your business. How often have you seen those viral survey posts where people share their favorite movies and music, or their past schools, or places they’ve lived? While it may seem fun to share that with your friends, you’re giving hackers enormous hints to guess your passwords.
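The checks from tips 1 and 2 can be automated when a password is set. The following is an added example, not part of the original article: the denylist, the substitution table, and the function names are constructed for illustration, and a real deployment would load a much larger list of common and breached passwords.

```python
import re

# Constructed sample denylist; a real deployment would load a far larger
# list of common and breached passwords.
COMMON = {"password", "12345", "123456", "qwerty", "letmein", "iloveyou"}

# Undo common character swaps so "p@ssw0rd" is compared as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})


def variants(password):
    """Lowercased forms of the password used for matching."""
    low = password.lower()
    core = re.sub(r"[\d\W_]+$", "", low)  # "qwerty2019!" -> "qwerty"
    return {low, core, low.translate(LEET), core.translate(LEET)}


def is_sequence(s):
    """True for runs such as '12345', 'fedcba' or 'aaaa'."""
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return len(s) >= 4 and steps in ({1}, {-1}, {0})


def screen(password, personal=()):
    """Return the reasons to reject a password; an empty list means none found."""
    forms = variants(password)
    reasons = []
    if forms & COMMON:
        reasons.append("common password or close variation")
    if is_sequence(password.lower()):
        reasons.append("sequence or repeated character")
    # Split profile details into tokens: "1985-06-14" -> "1985" (short bits dropped).
    tokens = {t for item in personal
              for t in re.split(r"[^a-z0-9]+", item.lower()) if len(t) >= 3}
    hits = sorted(t for t in tokens if any(t in f for f in forms))
    if hits:
        reasons.append("contains personal information: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "12345", "Rex1985!", "plum-gravel-otter-mint"):
        print(pw, "->", screen(pw, personal=["Rex", "1985-06-14"]) or "no issues found")
```

An empty result only means none of these checks matched; it does not prove the password is strong.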
3. Use Long Passwords
One of the tried-and-true ways hackers get your credentials is with a brute force attack, which is essentially a trial-and-error attempt to guess your password. The longer and more complex your password, the harder it is to crack.
To create a strong password, use a variety of numbers, symbols, and upper and lowercase letters. Longer is typically better, but most sites require a minimum password length of 8-10 characters.
4. Try Passphrases
One way to create secure yet memorable passwords is to use passphrases. For example: “ilovetorun@5:30AM”. It’s easier to remember than a typical password, and you can still include numbers, symbols, and other characters.
If the site allows it, you can even use a nonsense phrase of random words with spaces or stop characters in between, which makes your password practically impossible to guess.
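To put numbers on tips 3 and 4, this added example (not part of the original article) generates a random-word passphrase and compares the brute-force search space of random words with that of random characters. The 16-word list is constructed for illustration, the 7776-word list size and the guess rate are assumptions, and the entropy figures hold only when words are picked at random rather than chosen by a person.

```python
import math
import secrets

# Constructed 16-word sample list, for illustration only. Real generators draw
# from lists of thousands of words (7776 is a common size for dice-based lists).
SAMPLE_WORDS = ["otter", "gravel", "plum", "mint", "cobalt", "lantern", "walnut",
                "harbor", "velvet", "pepper", "glacier", "saddle", "thimble",
                "orchid", "bramble", "quartz"]


def bits(choices, picks):
    """Entropy in bits of `picks` independent, uniform picks from `choices` options."""
    return picks * math.log2(choices)


def passphrase(n_words=5, words=SAMPLE_WORDS, sep="-"):
    """Return (phrase, entropy_bits). secrets uses the OS CSPRNG, unlike random."""
    phrase = sep.join(secrets.choice(words) for _ in range(n_words))
    return phrase, bits(len(words), n_words)


def words_needed(target_bits, list_size):
    """Fewest random words from a list of `list_size` that reach `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def years_to_exhaust(entropy_bits, guesses_per_second=1e10):
    """Time to try every candidate. The default guess rate is an assumption."""
    return 2 ** entropy_bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    eight_char = bits(94, 8)        # 8 random printable-ASCII characters
    five_words = bits(7776, 5)      # 5 random words from a 7776-word list
    print(f"8 random characters: {eight_char:.1f} bits, "
          f"{years_to_exhaust(eight_char):.3f} years to exhaust")
    print(f"5 random words:      {five_words:.1f} bits, "
          f"{years_to_exhaust(five_words):.0f} years to exhaust")
    print("words to match 12 random characters:", words_needed(bits(94, 12), 7776))
    print("sample:", passphrase()[0])
```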
5. Don’t Reuse Passwords
You probably know that you’re not supposed to reuse the same password, but if you’re like most people, you do anyway. A study by Google showed that 65% of people still use the same password on some (or ALL) of their accounts.
This habit is dangerously reckless because it means that once a hacker gains access to one of your accounts, they can easily infiltrate others. Imagine if someone hacked your email and suddenly had control of your credit card and your bank accounts too.
What’s worse, many people share passwords across work and personal accounts as well, so if any of your employees gets hacked, your business network may also be at risk.
6. Use a Password Manager
Unless you have a photographic memory, you probably can’t remember hundreds of unique passwords for all the sites you use (especially if they’re all strong, complex passwords).
Instead, use a password manager to store all your passwords. That way, you only need to remember one master password. Once you have a single place for all your passwords, you can even use a password generator to create truly random passwords, which are the most secure.
We can set your team up with a business-grade password manager that will make it easy and secure to give your employees the access they need from anywhere. Contact us for a quote.
7. Don’t Share Your Password
Even having the most secure password in the world won’t help you if you give it away.
Certainly, don’t write your passwords on Post-It notes or email them to your coworkers. However, you may be sharing your password in other, less-obvious ways that you don’t realize. Here are a few tips:
- Learn to identify and avoid phishing emails, which are how many hackers trick you into giving up your credentials.
- Avoid entering passwords on public computers or over unsecured Wi-Fi connections, where hackers can intercept them.
- Lock your computer and don’t leave your mobile devices lying around when you’re not using them. Even a well-meaning coworker or family member could accidentally cause a data breach.
8. Use Two-Factor Authentication
Two-Factor Authentication (2FA) adds an extra layer of security so that even if a hacker gets your password, they won’t be able to access your account.
Usually, the second factor is a code sent by voice or text message to your mobile device. We’re also starting to see biometric-based technologies like fingerprint scans or facial recognition.
While these extra steps might seem like a pain, 2FA is a no-brainer that every company should implement to protect their sensitive accounts.
9. Change Passwords Regularly
Unfortunately, even if you do all the right things, there’s no guarantee you won’t get hacked. If your credentials are compromised, the simplest way to kick the hacker out is to change your password.
Make it a habit to regularly change your password to make it as hard as possible for the hackers. It’s worth a little inconvenience now to avoid the headache of a major data disaster down the road.
Avoid Falling Victim to Poor Password Practices, and Catch Hackers the Instant They Strike
Poor password etiquette is happening, and it’s creating holes in your business’s defenses. Hackers may exploit those weaknesses at any time, and the worst part is, you don’t even know when it happens.
With our new Password Watchdog service, we’ll scan the Dark Web and let you know immediately if the bad guys get your passwords. We’ll even help educate and train your employees, so they become your first line of defense.
Request a free scan today to find out if YOUR passwords are secure.