TechGuard Blog

How Businesses Can Combat Password Complacency

Passwords – we all know their importance and why they need to be secure. So why do so many people still have trouble with hackers guessing their passwords and getting into their accounts? It seems that not enough people are putting their knowledge of password security to use. Even when they aren’t using stereotypical weak passwords like ‘admin’ or ‘12345’, people tend to latch onto a password they can remember and then reuse it for multiple accounts. In a survey that asked 1600+ people in countries around the world, including the United States, United Kingdom, Australia, and Japan, how they managed their passwords, a majority still chose ‘memory’ as their method. There are a lot of issues with that, so let’s dive in.

 

First of all, memory is unreliable. The only way you can really use ‘memory’ to manage your passwords is to have either several very simple passwords or a few somewhat complicated passwords that you reuse across multiple accounts. Both are a big no-no for security. The first approach leaves you with passwords that are easy for hackers to crack with simple brute-force attacks. With the second, once a password is revealed, every account that shares it should be considered at risk of compromise. People understand the importance of strong, secure passwords, and yet 59% still rely on their memory alone.

 

[Figure: Bitwarden World Password Day survey chart showing that 59% of people chose memory as their method for managing passwords]

 

It’s bad enough that people have such poor password security on their personal accounts, but when those habits start to bleed into their work environment, the risks become much greater. If an employee uses the same passwords for both work and personal accounts, or uses work credentials for personal business, hackers can make those connections and then easily get into accounts and even the entire network. It’s simple math: the more a password is recycled, the greater the chance it has of being compromised.

 

However, if employees have bad password management practices, some of the fault is on their employer. Businesses have an obligation to educate and empower employees on cybersecurity best practices to protect both themselves and their workers. If they aren’t providing the resources necessary to have enhanced password security and they experience a breach, they only have themselves to blame. That’s why businesses have to step up their game when it comes to password management, and there are a few ways they can do that:

 

  • Require workers to change their passwords often
  • Advise employees to never share passwords between work and personal accounts
  • Implement a password manager
  • Make two or multi-factor authentication mandatory
  • Replace passwords with biometrics and authenticator apps to avoid password recycling altogether
  • Ensure employees are given the proper education through a security awareness training program as part of onboarding and quarterly refresher courses

 

Password mismanagement is one of the leading causes of security incidents and data breaches. By implementing certain protocols and systems, businesses can mitigate the risks to themselves and their employees.


Written by Elizabeth Dasenbrock
