Passwords are beyond any doubt the weakest form of authentication, yet they remain the most prevalent. Is it force of habit that leads employees to choose weak passwords, or perhaps even laziness?
Here are the top 5 things to teach your employees about password security:
1. Regular Password Changes
Changing your password on a regular basis can help you avoid a number of dangers. Simply changing your password can prevent a hacker from having constant access to your data. Using the same password for a long stretch of time increases the chances of someone guessing your password.
That could be someone watching you type it in several times or someone repeatedly trying to guess it. Never save your passwords: if you ever switch computers with anyone or let them borrow your device, they will have full access to your data.
Giving someone a computer with saved passwords is practically giving them access to your accounts. When changing passwords, try to be a little creative; don't just add a number or a letter onto your previous password, as that is pointless.
I’m sure you’ve heard the phrase “quality over quantity”. This relates to passwords as well: having a good quality password is much more valuable than having a long, simple password that hackers will easily guess. Try to use random combinations of letters, numbers, and symbols, and avoid simple words and any personal information such as dates, names, and addresses, as this information will be known by the majority of your employees.
"The average internet user has 25 online accounts, 6.5 passwords and waits an average of 3.1 months before changing passwords."
2. Don't be a password walker
Researchers have noticed a high frequency of passwords containing specific numbers, letters, and symbols that are adjacent to one another on the keyboard. This is known as password walking. When end users password walk they are creating passwords that are far from secure.
Hackers are very aware of this trend and can easily gain access to your device. The prevalence of password walking is worrying and should make anyone take a look at their password choices. Remember to stay away from obvious password choices like “qwerty” and “12345”; anyone could guess those without a second thought. No matter how convenient this may be, saving a few seconds is just not worth the loss of your personal data.
For good password security, simply create random and unique passwords; choosing a bunch of adjacent characters on a keyboard will just not cut it, I’m afraid.
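One way to enforce this advice in a password-policy check, as an added example that is not part of the original article: a Python heuristic that flags passwords made mostly of keyboard-adjacent characters. The US QWERTY layout, the thresholds and the function names are assumptions.

```python
# Added example: flag "password walking" (runs of keyboard-adjacent characters).
# Assumptions: US QWERTY layout, approximate key stagger, illustrative thresholds.

ROWS = ["1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]
# Shifted symbols mapped back to the physical key that produces them.
SHIFTED = dict(zip('!@#$%^&*()_+{}|:"<>?', "1234567890-=[]\\;',./"))

# Map each key to its (row, column) position on the keyboard.
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def _key(ch):
    """Normalise a character to the unshifted physical key that produces it."""
    ch = ch.lower()
    return SHIFTED.get(ch, ch)


def _adjacent(a, b):
    """True if two different keys sit next to each other (any direction)."""
    if a not in POS or b not in POS or a == b:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    return abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1


def longest_walk(password):
    """Length of the longest run of consecutive keyboard-adjacent characters."""
    keys = [_key(ch) for ch in password]
    best = run = 1 if keys else 0
    for prev, cur in zip(keys, keys[1:]):
        run = run + 1 if _adjacent(prev, cur) else 1
        best = max(best, run)
    return best


def is_password_walk(password, min_run=4, min_fraction=0.5):
    """Flag a password whose longest walk is long and covers at least half of it."""
    if not password:
        return False
    walk = longest_walk(password)
    return walk >= min_run and walk / len(password) >= min_fraction
```

A password that passes this check is not necessarily strong; the heuristic only catches keyboard walks and belongs alongside length and breached-password checks.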
3. Educate your employees on strong password security
Employees have a tendency to re-use the same passwords over multiple accounts, so when one site is compromised, it reveals that individual’s password across all of the sites it has been used on. By educating your employees on why good passwords are essential, you may find them more amenable to following the best practices.
Implementing a good security awareness programme will educate your employees on the best and worst password choices, why you shouldn’t share passwords, as well as how password hygiene can protect your data. Creating varying password policies will inform employees on what their choice of passwords should be like as well as warn them about the dangers of a simple password.
As well as educating employees and implementing a password policy, another good tip is to get your employees to download a password vault. These are applications that help users store and organise passwords.
4. Use different passwords for all of your accounts
Let’s face it, if you have several online accounts (which I’m sure you all do), it is hard to remember different passwords for all of them, so people resort to the easiest option and use the same password for everything.
While it may be convenient for you to have one strong password for all of your accounts, it is just as convenient for a cyber criminal: all it takes is one of your accounts getting compromised to make all of your other accounts vulnerable.
To stop a hacker from gaining access and to protect your data, vary your passwords so that no two accounts share one. Hackers are very clever people; they know that if you use a password for social networking sites, you are bound to use it for more secure websites such as banking.
There have been many news stories about websites such as LinkedIn and Yahoo being compromised and passwords being stolen. If it is happening to these major websites, passwords are most certainly being swiped from small websites as well. These simple passwords can give a cyber criminal access to all of your accounts; they could gain access to your money and personal data.
"73% of users have the same password for multiple accounts"
5. Implement 2FA/MFA
It's time to say goodbye to plain old passwords and start implementing two-factor authentication or even multi-factor authentication: the more the merrier. While we use passwords for pretty much everything, from banking and social accounts to email, most of us still aren’t using basic best practices for creating strong passwords. This maximises your vulnerability and makes it very easy for hackers to steal your passwords as well as your data.
This is where 2FA comes in. It adds a second layer of defence, which means that if someone has acquired your password, it will still be difficult for them to gain access to your accounts, as they will need the other factor to authenticate.
Multi-factor authentication is a step up from two-factor authentication. It's user-friendly and very simple to set up. Businesses that use two or more different factors are typically considered stronger than those that only use one factor. With many companies becoming mobile and applications moving to the cloud, you can no longer rely on physical access protection to secure your digital information.
Many companies are already taking steps that both reduce the burden on employees and improve password security. Keep in mind that these tactics can be defeated, but the idea is to make yourself a hard target for a hacker to penetrate.
It's easy to forget passwords. People will use simple words, such as family or pet names, and easy-to-remember dates such as birthdays. This is probably the worst thing you can possibly do. Remember, a hacker is a very intelligent person: they will spend time researching your social media accounts and any form of personal information they can find on third-party websites. This can give them an idea as to what your passwords might be. As discussed above, there are a few simple steps you can take to mitigate the risk of your data being compromised:
Regular password changes
Don't be a password walker
Educate your employees on strong password security
Use different passwords for all of your accounts