We regularly remind our Washington, DC and Charlotte clients that while we provide top-notch information security services, their participation and commitment are vital to thwarting cyberthreats. Cybersecurity is a team effort, and no matter how good an IT services provider may be, they will fail to protect business data if the client doesn’t take their role in the security process seriously.
One of the things we discuss most with our clients is password policy. Passwords are among the last lines of defense in an information system, and poor password habits tend to lead to data loss or theft. This is why we always remind our clients to ditch these bad password habits:
Giving out login credentials
You should never share your login credentials. Passing these around is like passing around the combination to your safe. Anyone who knows your company’s login portal can simply type in your username and password on any computer and gain access to work files they shouldn’t be privy to. And even if that person doesn’t do anything malicious, it can still leave your important data vulnerable to threats. If their computer isn’t updated regularly or if they have poor internet browsing habits, their data — along with your login credentials in their possession — can be prone to cyberattacks.
If you really must share the contents of your computer or cloud storage, you should seek the help of an IT administrator to securely share sensitive information.
Not using a password manager
Password managers are good tools that, when used correctly, can change the way you use passwords forever. A password manager will securely save your passwords and even help you generate new passwords to meet corporate password policies. All you’ll need to remember is one master password to access the password manager app and you’ll have access to your entire library of access credentials. Best of all, the top-notch password management apps of today are either free or only cost a few dollars.
So there really is no reason not to use password managers. Failing to do so makes it harder for staff members to eliminate bad security habits and practices.
Reusing passwords
There is no good excuse to reuse passwords. Today’s cybercriminals take databases of access credentials stolen from various sites and try them out to see which username and password pairs open an account. For instance, if you use a password you used anytime before 2016 for any Yahoo! account, you can practically be guaranteed that it is compromised. The 2016 Yahoo! breach resulted in over one billion username and password pairs lost to cybercriminals. To this day, these malicious entities continue to use these password databases to illegally access social media accounts, online banking facilities, email inboxes, and more.
Writing login credentials down
This is a very common mistake made by even the most tech-savvy individuals. Writing passwords down in a personal notebook or journal might seem like a good idea, since they ideally will be viewed only by the owner. But the fact is, written passwords are still quite easy to lose, or worse, to have stolen. An opportunistic criminal can peruse a forgotten notebook and try out any username-password combinations it contains.
Another thing to consider is that you might forget that your passwords are written down in your planner. When you dispose of your planner at the end of the year, your passwords go with it. By then, there will be no telling where your access credentials end up.
Choosing common passwords
Lastly, you should avoid common passwords. Common passwords such as “12345” or “QWERTY” are easy to remember, but that also means many other people are likely using them as well. For instance, the average person shares their birthday with around 20.8 million other people; imagine if all of them used their birthday as their password. That means a breach for one could very well result in a breach for all of them.
A good way to check whether your password is common is to consult a free password strength checker like howsecureismypassword.net. The site will give your password a rating based on how long it would take a hacker to figure the password out. One of the criteria it uses is password popularity, which is based on password search trends, leaked credential databases, and breach histories.
Reach out to outsourceIT for any and all data protection and information security needs. We’ll be happy to provide assistance. Contact us today to learn more about our services.