Happy World Password Day! Since 2013, the first Thursday in May has been designated as a day to promote safe password practices and revisit the steps we should take to keep our passwords secure.
Just how important are strong passwords? Let’s start with a few statistics:
- More than 24 billion passwords were hacked in 2022.
- Most people (more than two-thirds) use the same password for multiple accounts.
- Less than half of people who are active online believe their passwords are safe.
- Still, the most common passwords remain easily guessed phrases, words, or number strings like 12345, admin, or password.
There is some good news, however. An encouraging 85% of people use multi-factor authentication, and the number of people using a password manager has slowly risen from 15% in 2020 to 34% in 2023.
Password Safety: It’s in Your Hands
Even with these increases, however, there is clearly still work to do when it comes to protecting information online. In honor of World Password Day, let’s review some password do’s and don’ts.
Password Creation
It’s tempting to create passwords that are easy to remember, such as a date, name, or sequential string of numbers. These are simple for attackers to guess or crack. Instead, focus on creating strong passwords that will stop cyber attackers before they get into your system.
- Do: Create unique passwords that have at least 12 characters, using a combination of letters, numbers and symbols.
- Don’t: Use easily guessed passwords or personal information like names, birthdays, or pets’ names.
- Why: The more complex a password is, the harder it will be for a hacker to guess it or crack it with a brute force attack.
Changing Passwords
You may have heard that frequent password changes are necessary to prevent hacking. According to the National Institute of Standards and Technology, however, this advice is outdated. New guidelines now recommend that passwords only be changed if they are compromised.
- Do: Create strong, unique passwords or passphrases. Change them only if they have been compromised.
- Don’t: Require frequent changes.
- Why: Studies show that people tend to choose weaker (i.e., easy to remember) passwords if they are required to change them frequently.
Unique Passwords
If you’ve heard it once, you’ve likely heard it a thousand times: create unique passwords for every account. Unfortunately, only 12% of people actually follow that advice all the time. The problem with reusing a password is that if it is compromised in one place, a hacker can access multiple accounts. If you use the same password for both work and personal accounts, the damage can spread even further.
- Do: Use a unique password for every account.
- Don’t: Reuse passwords or change just one character in a password so it is easier to remember.
- Why: The more accounts that share a password, the easier it is for attackers to steal data, identity, or financial information.
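The creation and reuse rules above can be checked locally against your own passwords. The following is an added example, not part of the original article; the function names, the three-entry common-password list (the article's own examples) and the personal terms passed in are assumptions for illustration.

```python
import re

# Constructed sample list: the three examples the article names. A real audit
# would load a much larger list of known-breached passwords.
COMMON = {"12345", "admin", "password"}
MIN_LENGTH = 12  # "at least 12 characters" from the article


def one_edit_apart(a: str, b: str) -> bool:
    """True if a and b are equal or differ by one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1  # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]  # at most one substituted character
    return a[i:] == b[i + 1:]  # exactly one extra character in b


def audit(candidate: str, personal_terms=(), other_passwords=()) -> list[str]:
    """Return the rules from the article that the candidate password breaks."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    # One pattern per character class: letters, numbers, symbols.
    classes = [r"[A-Za-z]", r"\d", r"[^A-Za-z\d\s]"]
    if not all(re.search(c, candidate) for c in classes):
        problems.append("missing letters, numbers or symbols")
    if lowered in COMMON:
        problems.append("commonly used password")
    if any(t and t.lower() in lowered for t in personal_terms):
        problems.append("contains personal information")
    # Catches exact reuse and the "change just one character" shortcut.
    if any(one_edit_apart(candidate, p) for p in other_passwords):
        problems.append("reused or one character away from another password")
    return problems
```

An empty list means the candidate passed every check; run it only on a device you trust, since it handles passwords in plain text.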
Passwords At Work
Risky password behavior with your personal accounts affects only your own information. That same behavior for your work accounts, however, can put your entire organization at risk. Far too many employees share credentials with colleagues, use the same passwords for personal and work accounts, use weak passwords, and engage in other poor password practices. Even IT personnel are not immune. According to a 2023 study by Bitwarden, 41% of IT decision makers have shared passwords by email, and 54% store their passwords in a document on their computer.
Organizations can address poor password hygiene at work by requiring password training, using password managers, and removing local admin rights.
- Do: Use a password manager to enforce good password practices. Provide password training for all employees.
- Don’t: Give unlimited admin access to any user accounts. Instead, use a privileged access management (PAM) tool to provide access on a least-privilege basis.
- Why: Data breaches present a significant risk for organizations, and that risk is on the rise. The best way to protect your system is to use tools that automate security and prevent risks.
Lock Down Your System with a Password Manager
Ramping up your password security is one of the most important ways you can protect your organization’s data from theft. The best way to do that is with a password manager.
At CyberFOX, we help you lock down your system against attackers while still enabling team members to access and share the passwords they need securely. Our password manager ensures the highest level of password security without disrupting workflows or causing unnecessary frustration.
Contact us today to learn more!