Why Passwords are Your Business’ Weakest Point

In today’s digital world, safeguarding your organization’s online assets is critical. Unfortunately, poor password hygiene practices by some employees cause problems for many small businesses, leaving them vulnerable to hackers.

Cybercriminals are constantly trying to find new ways to break into business systems. Sadly, too often, they succeed thanks to weak passwords. In fact, nearly 50% of cyberattacks last year involved weak or stolen passwords.* Small businesses like yours need to take password security seriously and implement strong password policies.

Fortunately, there are a few best practices that you can follow to protect your business. Before we get into those, here are the top 10 most common passwords available on the dark web that you should avoid at all costs:

  1. 123456
  2. 123456789
  3. Qwerty
  4. Password
  5. 12345
  6. 12345678
  7. 111111
  8. 1234567
  9. 123123
  10. Qwerty123

Password best practices

When your team is aware of password best practices, they can significantly ramp up your cybersecurity.

Use a password manager

One of the most important things to keep your passwords safe is to use a password manager. A password manager helps you create and store strong passwords for all your online accounts. Password managers can also help you keep track of your passwords and ensure they are unique for each account.

Implement single sign-on (SSO)

Single sign-on is a popular password solution that allows users to access multiple applications with one set of credentials. This means that you only need to remember one password to access all your online accounts.

While SSO is a convenient solution, remember that all your accounts are only as secure as your SSO password. So, if you’re using SSO, make a strong, unique password that you don’t use for anything else.

Avoid reusing passwords on multiple accounts

If a hacker gains access to one of your accounts, they will try to use that same password to access your other accounts. By having different passwords for different accounts, you can limit the damage that a hacker can cause.

However, avoid jotting down your passwords on a piece of paper and instead depend on a safe solution like using a reliable password manager.

Make use of two-factor authentication (2FA)

One of the best ways to protect your online accounts is to use two-factor authentication (2FA). In addition to your password, 2FA requires you to enter a code from your phone or another device. Even if someone knows your password, this method makes it much more difficult for them to hack into your account.

While 2FA is not perfect, it is a robust security measure that can assist in the protection of your online accounts. We recommend that you begin using 2FA if you haven’t already. If you use 2FA, make sure each account has a strong and unique code.

Don’t use the information available on your social media

Many people use social media to connect with friends and family, stay up to date on current events or share their thoughts and experiences with others. However, social media can also be a source of valuable personal information for criminals.

When creating passwords, you must avoid using information easily obtainable on your social media accounts. This includes your name, birth date and other details that could be used to guess your password. By taking this precaution, you can help keep your accounts safe and secure.

Claritech can help you

As cyberattacks become more sophisticated, you may not be able to devote sufficient time and effort to combat them. As an IT service provider, Claritech can ensure your team creates strong passwords, stores them securely and changes them on a regular basis.

Schedule a no-obligation consultation with us today to learn more about how we can help protect you from poor password hygiene.


Source:

* Verizon DBIR 2022

12 Password Best Practices

With the business world heavily reliant on digitalization in this day and age, the use of technology in your organization is unavoidable. Although technology can undeniably give your business an advantage in increasingly competitive markets, there are many troublesome areas to keep an eye on. This is why interest in cybersecurity has risen in recent years.

Password protection is the best place to start if you want to ramp up your cybersecurity. Setting a password to secure an entity’s data is called password protection. Only those with passwords can access information or accounts once data is password-protected. However, because of the frequent use of passwords, people tend to overlook their significance and make careless mistakes, which could lead to breaches in security.

This makes it imperative for businesses to devise strategies to educate employees about best practices when using passwords.

6 Password “Don’ts”

Protect the confidentiality of your passwords by following these six password “don’ts”:

  1. Don’t write passwords on sticky notes (or in text files)

Although you may feel that writing down passwords improves password protection and makes it more difficult for someone to steal your passwords online, it can make it easier for someone to steal your passwords locally. Many users store their passwords in Outlook notes or Word or Excel files with obvious labeling. This is also not an ideal way to manage passwords, as there are many ways those files could be accessed without your knowledge (phishing is one of the more common). It is much better to use a password manager (see the “Do’s” section below).

  2. Don’t save passwords to your browser

This is because web browsers have traditionally been terrible at protecting passwords and other sensitive information like your name and credit card number. Web browsers can easily be compromised and a wide range of malware, browser extensions and software can extract sensitive data from them. If you’d like to see how exposed you are, type chrome://settings/passwords (or edge:) in your Chrome (or Edge) browser.

  3. Don’t iterate your password (for example, PowerWalker1 to PowerWalker2)

Although this is a common practice among digital users, it is unlikely to protect against sophisticated cyberthreats. Hackers have become far too intelligent and can crack iterated passwords in the blink of an eye.

  4. Don’t use the same password across multiple accounts

If you do so, you are handing cybercriminals a golden opportunity to exploit all your accounts. For example, when LinkedIn was hacked several years ago, millions of passwords were exposed. Many of those passwords are still in use today and can be actively exploited on other sites that use the same username/password combinations.

  5. Don’t capitalize the first letter of your password to meet the “one capitalized letter” requirement

Out of habit, most of us tend to capitalize the first letter of our passwords to conform with the “one capitalized letter” requirement. However, hackers are aware of this, making it easy for them to guess the capitalized letter’s position.

  6. Don’t use “!” to conform with the symbol requirement

If you must use it, don’t place it at the end of your password. Placing it anywhere else in the sequence makes your password more secure.

6 Password “Do’s”

Protect the confidentiality of your passwords by following these six password “do’s”:

  1. Create long, phrase-based passwords that exchange letters for numbers and symbols

For instance, if you choose “Honey, I shrunk the kids,” write it as “h0ney1$hrunkth3k!d$.” This makes your password harder for hackers to crack.

  2. Change critical passwords every three months

Passwords protecting sensitive data must be handled with caution because there is a lot at stake if they are compromised. If you use a password for a long time, hackers may have enough time to crack it and if it is exposed for whatever reason, your exposed password will be “in the wild” for a longer period. Therefore, make sure you change your critical passwords every three months.

  3. Change less critical passwords every six months

This necessitates determining which password is crucial and which is not. In any case, regardless of their criticality, changing your passwords every few months is a good practice.

  4. Use multifactor authentication

It’s your responsibility to do everything in your power to keep nefarious cybercriminals at bay. One of the best approaches is to barricade them with multiple layers of authentication.

  5. Always use passwords that are longer than eight characters and include numbers, letters and symbols

The more complicated things are for hackers, the better.

  6. Use a password manager

There are many reasons to use a reputable password manager. Here are some of the ones that come to mind:

  • It can relieve the burden of remembering a long list of passwords, freeing up time for more productive tasks.
  • It can generate random passwords of any length for auto-completing in new account sign-up forms.
  • There is some level of built-in phishing protection, as your password manager won’t recognize “micorsoft.com” and input your Microsoft credentials.
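As an added example (not code from the original article or from Claritech), the following Python function turns the “don’ts” and “do’s” above into a policy check that an onboarding form or password-reset flow could run: it rejects the top-10 passwords listed earlier, enforces the longer-than-eight-characters rule with letters, digits and symbols, spots iteration of the previous password (PowerWalker1 to PowerWalker2), flags first-letter-only capitalization and a lone trailing “!”, and refuses passwords containing personal details such as a name or birth year. The common-password list is copied from the page; a real deployment would use a full breach corpus.

```python
import re
import string

# Constructed from the page's top-10 list (lower-cased for comparison).
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "password", "12345",
    "12345678", "111111", "1234567", "123123", "qwerty123",
}


def _stem(pw):
    """Strip trailing digits/symbols so 'Summer2023!' and 'Summer2024!' compare equal."""
    return re.sub(r"[^A-Za-z]+$", "", pw).lower()


def check_password(candidate, previous=None, personal_info=()):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    low = candidate.lower()
    if low in COMMON_PASSWORDS:
        problems.append("common password")
    if len(candidate) <= 8:
        problems.append("too short (must exceed 8 characters)")
    has_letter = any(c.isalpha() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    has_symbol = any(c in string.punctuation for c in candidate)
    if not (has_letter and has_digit and has_symbol):
        problems.append("needs letters, digits and symbols")
    # Iteration: same alphabetic stem as the previous password, only the suffix changed.
    if previous is not None and _stem(previous) and _stem(previous) == _stem(candidate):
        problems.append("iteration of previous password")
    upper_positions = [i for i, c in enumerate(candidate) if c.isupper()]
    if upper_positions == [0]:
        problems.append("only the first letter is capitalized")
    symbols = [c for c in candidate if c in string.punctuation]
    if symbols and all(c == "!" for c in symbols) and candidate.endswith("!"):
        problems.append("'!' used only as a trailing symbol")
    # Details a criminal could read off a social-media profile (name, birth year, ...).
    for item in personal_info:
        if item and item.lower() in low:
            problems.append(f"contains personal detail '{item}'")
    return problems


if __name__ == "__main__":
    for pw, prev in [("Qwerty123", None), ("PowerWalker2", "PowerWalker1"),
                     ("h0ney1$hrunkth3k!d$", None)]:
        print(pw, "->", check_password(pw, previous=prev) or "OK")
```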

Need a password manager? We can help.

Adhering to password best practices requires constant vigilance and effort on your part. As a result, it is best to work with an expert IT provider like us who can help you boost your security and put your mind at ease. Contact us for a no-obligation consultation.