Employees Still the Weakest Link to Password Protection
December 10, 2021
Ponemon Institute’s The 2019 State of Password and Authentication Security Behaviors Report provides some startling stats about company employees and poor password use at work.
- 51% reuse passwords across business and personal accounts
- 2 out of 3 (69%) share passwords with co-workers to access accounts
- 55% don’t use any form of two-factor authentication (2FA)
- Weak passwords cost organizations an estimated $5.2 million per year
At the heart of many online security issues is a simple conflict: using strong passwords is at odds with human nature’s inclination toward convenience. Taking another look at creating fortified passwords gives us all some much-needed reminders.
1. Don’t share passwords. Someone, whether a mischievous colleague or a service provider in for the day, may overhear or glimpse your password and could share it with a bad actor, so keep your passwords to yourself.
2. Use different passwords for all accounts. This helps prevent the account takeovers that happen when a user has more than one account using the same password. Hackers “credential stuff” passwords into other accounts, looking for those that use the same password.
3. Don’t use single words or sentences. A single word may be easier to remember, but it also makes it easier for hackers to compromise an account. The same applies to using simple sentences for passwords. Using random words instead makes more sense, because a string of unrelated words is difficult to make sense of.
4. Consider using password management tools. They help take the guesswork out of remembering individual passwords if this is a challenge for you. You only need to remember one master password to access all the others. Just consider the risk: If a criminal gets your master password, they have all of your others too.
5. Use multi-factor authentication. Assuming you have the device in your possession, you’ll receive a randomly generated numerical code necessary to complete log-in. The code provides an additional layer of identity confirmation and protection.
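To put numbers on tip 3, here is an added example (not part of the original article) that compares the guess space of a single dictionary word with a passphrase of randomly chosen words, and generates one with Python's `secrets` module. The word list, the function names and the 64-bit target are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list for illustration only. A real generator should load a
# large published list; the EFF long list, for example, has 7,776 words.
SAMPLE_WORDS = [
    "anchor", "biscuit", "cobalt", "dune", "ember", "fjord", "gravel", "harbor",
    "ivory", "jigsaw", "kettle", "lantern", "meadow", "nutmeg", "orbit", "pebble",
]
TARGET_BITS = 64  # assumed strength target for this example, not from the article


def entropy_bits(list_size: int, n_words: int) -> float:
    """Bits of entropy when each word is drawn uniformly and independently."""
    if list_size < 2 or n_words < 1:
        raise ValueError("need a list of at least 2 words and at least 1 pick")
    return n_words * math.log2(list_size)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def make_passphrase(wordlist, n_words: int, sep: str = "-") -> str:
    """Draw n_words with the OS CSPRNG (secrets), not the random module."""
    unique = sorted(set(wordlist))  # duplicates would bias the draw
    if len(unique) < 2 or n_words < 1:
        raise ValueError("need at least 2 distinct words and at least 1 pick")
    return sep.join(secrets.choice(unique) for _ in range(n_words))


if __name__ == "__main__":
    # One word from a 7,776-word list: about 13 bits, i.e. at most 7,776 guesses.
    print(f"1 word : {entropy_bits(7776, 1):.1f} bits")
    # Five independent random words from the same list: about 65 bits.
    print(f"5 words: {entropy_bits(7776, 5):.1f} bits")
    print("words needed for target:", words_needed(7776, TARGET_BITS))
    # The 16-word sample list is far too small for real use (4 bits per word).
    n = words_needed(len(SAMPLE_WORDS), TARGET_BITS)
    print(f"sample list needs {n} words:", make_passphrase(SAMPLE_WORDS, n))
```

The strength comes from the words being chosen at random by the generator; words a person picks, or a meaningful sentence, do not reach these figures.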
Stickley on Security