How Weak Passwords Put Organizations at Risk
Weak passwords are a phenomenon that somehow still exists, even after two decades of the internet being mainstream.
Businesses from all sectors rely on digital tools to operate. And each new tool or account requires new credentials. As your organization grows, so does the amount of sensitive data and the need for better cybersecurity.
That’s why it’s high time we talked about the downsides of not having a firm grip on your credentials.
Common password mistakes
Believe it or not, a large number of employees still use weak passwords or write their passwords down in their notes. Most of the time, people don’t even think twice when asked to set a password for a new account. This leads to the creation of simple passwords and ultimately compromises the security of the account and the entire organization.
Another quite common mistake is using the same password for more than one account. At first, this seems like a nice way to handle all accounts. But, once you lose a single account to scammers or hackers, you lose them all.
Reusing old passwords isn’t the way to go either. Old accounts and old passwords can be compromised during data breaches. So, reusing those old passwords can get you into quite a pickle if someone decides to dig through old data breach logs.
The habits mentioned above can cause big problems for organizations, and it’s about time to drop them. Let’s take a closer look at why easy passwords are a big problem, even if they aren’t reused.
Simple passwords are an easy target
In an organization, chances are that multiple people will be using the same accounts. While it may seem like a good idea to create a simple password everyone can remember, try not to fall into this trap. Uncomplicated passwords are usually breached through one of three methods:
- Phishing – a social engineering method where the scammer tricks you into handing over your password by posing as someone you trust.
- Brute force attacks – a program tries out many combinations until it guesses your password. This is especially dangerous with simple passwords.
- Dictionary attack – hackers might create a dictionary of possible words used in employee passwords. For example, the “dictionary” may include information like company name, country, employee names, birth years, etc. That’s why everyone should avoid using personal information in passwords.
Losing control over your organization’s passwords (and, by extension, your accounts) can set you back months, even years. Lost accounts are rarely retrieved unless it’s an account with a larger company.
Even if your organization can’t afford a full IT network security team, there are things you can do to enhance your password security right now.
Creating and managing sturdy passwords
Here’s where to start:
- Use special characters – since passwords can get hacked through brute force or dictionary attacks, it would be best to use special symbols at least twice in your password.
- Avoid sequential numbers – putting sequential numbers into your password can get it cracked faster.
- Use numbers and capital letters – this will make the password more complex and lower the chance of it being guessed.
- Don’t put your personal info into your password – most targeted hacks start from familiar info like date of birth, pet name, nickname, or similar.
- Avoid using memorable keyboard patterns – “qwerty” or “asdfg” may seem like random enough strings, but to a password-breaking algorithm, they aren’t.
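The five rules above can be turned into a check that runs when someone sets a new password. The following is an added example, not code from this article; the function names, the run-length thresholds and the sample passwords are assumptions, and the personal terms would come from your own employee records.

```python
import string

# Keyboard rows used to spot patterns such as "qwerty" or "asdfg".
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_SPECIALS = 2   # the list above asks for special symbols "at least twice"
RUN_LEN = 4        # assumed threshold: 4+ adjacent keys count as a pattern
SEQ_LEN = 3        # assumed threshold: 3+ digits counting up or down


def has_sequential_digits(pw, n=SEQ_LEN):
    """True if pw contains n digits in a row that step by +1 or -1."""
    for i in range(len(pw) - n + 1):
        chunk = pw[i:i + n]
        if chunk.isascii() and chunk.isdigit():
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False


def has_keyboard_run(pw, n=RUN_LEN):
    """True if pw contains n adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for r in (row, row[::-1]):
            if any(r[i:i + n] in low for i in range(len(r) - n + 1)):
                return True
    return False


def check_password(pw, personal_terms=()):
    """Return the list of rules from the article that pw breaks."""
    problems = []
    if sum(c in string.punctuation for c in pw) < MIN_SPECIALS:
        problems.append("fewer than two special characters")
    if has_sequential_digits(pw):
        problems.append("sequential numbers")
    if not (any(c.isdigit() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("missing a number or capital letter")
    low = pw.lower()
    if any(t.lower() in low for t in personal_terms if len(t) >= 3):
        problems.append("contains personal info")
    if has_keyboard_run(pw):
        problems.append("keyboard pattern")
    return problems

# Constructed sample passwords; "Acme" and "1985" stand in for personal terms.
for sample in ("Acme1985", "Qwerty123!", "T7#vRk!2pLx9"):
    print(sample, check_password(sample, ("Acme", "1985")))
```

An empty result only means the password avoids the mistakes listed above; it does not show whether the password has been reused or exposed in a breach.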
All of this can be a little overwhelming. As your organization scales up, so must your password-protection game. More people on board means more cybersecurity risks.
If you and your employees are having a hard time creating and managing passwords, a password manager can help you create, store, and apply complex passwords when needed. Just make sure that everyone is in the loop and knows how to use it.
Prevention Is Key
Once your password gets compromised, you may never retrieve the account. Hacks, scams, and data breaches are getting more intricate by the day. That’s why we all need to take a moment and step up our password game.
Create complex passwords, don’t reuse old ones, avoid personal info, and use a password manager.
You will save your organization a lot of time and money!