All it takes is one weak password to become the victim of a data breach. While most people realize the importance of strong passwords, many still fall into bad password habits that put their company’s data at risk.
Passwords are one of the most human components of any IT security apparatus, which is why hackers go after credentials so vigorously and sell databases full of usernames and passwords on the Dark Web.
80% of hacking-related data breaches are the result of weak or compromised passwords.
With password compromise being the main cause of hacking-related breaches, it stands to reason that securing your logins through password best practices can significantly reduce your company’s risk of having a data breach, along with other measures like managed IT security.
Let’s take a look at typical password bad habits and then go through password management tips that can help you correct them and safeguard your network and data.
Passwords are a part of life and we use them multiple times per day, that familiarity and need to get to where we’re going online quickly can breed some bad habits.
These can include:
In Ponemon’s “The 2019 State of Password and Authentication Behaviors Report” several insights were gained into how we can better manage passwords. Some of the password bad habit statistics noted in the report were:
Adopting and enforcing password best practices at your company will help you correct those bad habits and increase your overall data security by leaps and bounds. Here are our top tips to help you lock down logins and secure your technology infrastructure.
While most of us know that our passwords should be strong and include a combination of letters, numbers, symbols and both upper and lower-case letters, we still tend to make our passwords too weak so we can remember them.
It’s not enough to just tell employees to use strong passwords and not reuse them for multiple logins, it’s important to employ tools that allow you to force a strong password at creation. For example, in Office 365’s administration area you can set password complexity, so you’re not just relying on someone choosing to make a strong password, they can’t create one unless they do.
Multi-Factor authentication (MFA), also known as two-factor authentication(2FA), is one of the best ways to secure even weak passwords. MFA is available in just about any type of cloud solution available and what it does is require a second (or more) authentication method before it will complete login.
The most common is to set up your mobile phone to have a time-sensitive PIN sent via text when you enter your login credentials, then that PIN must be entered to complete the login. This means if a password has been compromised, the hacker still can’t get in without also having your smartphone to get the code.
Certain employees require access to more sensitive information due to their position, explain to them how to identify Signs of a Phishing Email or a probable issue on a suspicious web. For example, your human resources team will have access to personnel records that can include SSNs and other sensitive data, and your accounting department will have access to bank account details.
It’s smart to provide additional protections for user logins to particularly sensitive information that secures their credentials even further. For example, you may give them a different login URL than other users and only allow 1 to 2 failed login attempts before the account is locked.
Two more telling statistics from the Ponemon report were that while 66% of respondents agreed protecting passwords was important, 51% of them said it was too difficult to manage passwords. That makes sense when you’re asking people to remember a different strong password for each of their logins, which can include multiple sites and applications.
A password manager solves this dilemma by requiring only a single password to access all the others. Password managers, like LastPass, 1Password, and Dashlane, offer multiple advantages, such as:
Poor password security is one of the many weak spots that a company may have when it comes to protecting their network against a devastating data breach.
Get a free 21-Point Cyber Security Audit to minimize your risk and identify any weak links in your IT security infrastructure.
Schedule yours today by calling 1-833-4-NEURON or by using our webform.