This set of password hygiene tips may save you your job!

For over 50 years, passwords have been used to guard data in organizations. Despite their intrinsic value, they form the crux of security lapses, with more than 23 million people found to be using ‘123456’ in the past.

More alarming is the fact that in 2022, ‘password’ was the most used phrase in the United Kingdom. The question is, where does the blame lie when a weak password leads to a breach?

Is it down to the individual to take personal responsibility, or do we need to apply pressure on organizations to introduce more robust authentication methods? The answer is “all of the above”.

Remove reliance on passwords
The best way to enforce good cybersecurity practices is to reduce the reliance on passwords alone.

This means organizations need to adopt other authentication methods. For example, by combining multiple account protection solutions such as multi-factor authentication apps with biometrics, they can lower the risk of a successful cyberattack while improving the overall corporate security posture.

Businesses could also consider using Single Sign-On (SSO), which allows staff to authenticate themselves on multiple, separate platforms via a single ID. This solution removes the need for several different passwords. There is an element of risk, since one compromised ID now opens every connected platform, but by combining SSO with multi-factor authentication you add a second layer of protection.

Other ways to make an impact
Where passwords are used, improving password hygiene does not have to be complicated. There are actions that can be taken to help companies address the widespread problem of insecure passwords:

    1. Implement an account monitoring solution: You can only protect what you can see, so it is important that you have visibility of all staff accounts that have been compromised by an attack. Otherwise, how are you going to make improvements to stop an attack from happening again? This is why you need to review default account settings and turn on features such as locking an account after a certain number of failed login attempts. You do not want an attacker to have unlimited attempts to break in.
    2. Protect against phishing attacks: What organizations should be asking themselves is ‘how did my email security allow this phishing email through?’ and ‘is it effective at blocking and preventing these carefully crafted emails?’ If not, then you need to invest in technology that will stop malicious emails from reaching the mailbox in the first place. The second step is to look for a solution that prevents a user from entering their credentials into a phishing website. These solutions exist; it is just a matter of investment and adoption.
    3. Use a password manager: Sometimes having a password is a mandatory requirement, so you cannot rely on other authentication methods alone. Conduct an evaluation to decide whether a password manager would be appropriate for your organization. Password managers allow employees to securely store credentials, generate unique passwords and fill in the right credentials automatically, removing the reliance on remembering hundreds of passwords or writing them down and risking exposure to prying eyes.
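The lockout control in step 1 is easy to describe and easy to get subtly wrong, so here is an added Python example (not code from the original article) that shows one defensible policy: failed logins are counted per account inside a sliding time window, the account is locked once a threshold is hit, and every further attempt, even one with the correct password, is rejected until the lock expires. The log format, account names, addresses and thresholds are all constructed for this illustration; the same function also reports which accounts were locked, which is the visibility step 1 asks for.

```python
"""Sliding-window account lockout over constructed authentication events."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, account, outcome, source address.
# Not taken from any real system.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice FAIL 203.0.113.10
2024-05-01T09:00:05Z alice FAIL 203.0.113.10
2024-05-01T09:00:09Z alice FAIL 203.0.113.10
2024-05-01T09:00:12Z alice FAIL 203.0.113.10
2024-05-01T09:00:15Z alice FAIL 203.0.113.10
2024-05-01T09:00:18Z alice SUCCESS 203.0.113.10
2024-05-01T09:01:00Z bob FAIL 198.51.100.7
2024-05-01T09:30:00Z bob FAIL 198.51.100.7
2024-05-01T09:31:00Z bob SUCCESS 198.51.100.7
"""


def parse_events(log_text):
    """Return (timestamp, account, outcome, source_ip) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, account, outcome, source_ip = line.split()
        events.append((datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ"),
                       account, outcome, source_ip))
    events.sort(key=lambda event: event[0])
    return events


def apply_lockout_policy(log_text, max_failures=5,
                         window=timedelta(minutes=10),
                         lock_duration=timedelta(minutes=15)):
    """Replay the log through the lockout policy.

    Returns (decisions, locked_until): decisions maps each account to the
    list of outcomes the policy produced for its attempts, locked_until maps
    locked accounts to the time their lock expires. Thresholds are assumed
    values chosen for the example, not a recommendation for any product.
    """
    recent_failures = defaultdict(deque)  # account -> timestamps of failures
    locked_until = {}
    decisions = defaultdict(list)

    for stamp, account, outcome, _source_ip in parse_events(log_text):
        # While a lock is active, nothing gets through, not even a correct
        # password: that is what stops a guessing run that happens to hit.
        if account in locked_until and stamp < locked_until[account]:
            decisions[account].append("rejected_locked")
            continue

        if outcome == "SUCCESS":
            recent_failures[account].clear()  # a real login resets the count
            decisions[account].append("accepted")
            continue

        failures = recent_failures[account]
        failures.append(stamp)
        # Drop failures that fell out of the sliding window.
        while failures and stamp - failures[0] > window:
            failures.popleft()

        if len(failures) >= max_failures:
            locked_until[account] = stamp + lock_duration
            failures.clear()
            decisions[account].append("lockout")
        else:
            decisions[account].append("failed")

    return dict(decisions), locked_until


def accounts_locked(decisions):
    """Accounts that hit the lockout threshold: the list a monitoring team reviews."""
    return sorted(acct for acct, outcomes in decisions.items() if "lockout" in outcomes)


if __name__ == "__main__":
    result, locks = apply_lockout_policy(SAMPLE_LOG)
    for acct, outcomes in result.items():
        print(acct, outcomes)
    print("locked:", accounts_locked(result), {a: t.isoformat() for a, t in locks.items()})
```

In the constructed log, alice's sixth attempt succeeds but is still rejected because the fifth failure three seconds earlier triggered the lock; bob's two failures are 29 minutes apart, so the first has left the window by the time the second arrives and he is never locked. That difference is the point of using a window rather than a lifetime counter: it stops a rapid guessing run without punishing a user who mistypes occasionally.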

Given that poor password hygiene and the resulting impact can damage an organization’s reputation beyond repair, it is time for every level of staff to take action.