Password credentials are one of the most sought-after pieces of information from cybercriminals, as they are a gateway to systems, accounts, and sensitive or confidential information. In this blog, we’ll look at what password hygiene is, how passwords can be compromised, and some best practices for maintaining good password hygiene within your organization.
What is Password Hygiene?
Password hygiene is the practice of selecting, managing and maintaining strong passwords to protect accounts and systems from cybercriminals.
This includes, but is not limited to:
- Password creation – ensuring they are not obvious, common, or easy to hack
- Account variation – ensuring selecting unique passwords for each account
- Avoiding temptation – to write down passwords, or share with others, for convenience
- Keeping personal passwords private
Bad password hygiene can lead to a variety of cyberattacks including; data breaches, account takeovers, and other costly consequences. It is important that security administrators routinely invest time and resources to educating users the importance of password hygiene.
How can Passwords be Compromised?
There are a number of ways that passwords may become compromised:
- Brute Force Attack is when an attacker will use trial-and-error to try and guess the correct combination for login information, encryption keys or hidden webpage
- Phishing Attacks are when an attacker claims to be from a reputable company to gain access to sensitive and confidential data, or to deploy malicious software such as ransomware
- Credential Stuffing is a type of cyberattack in which a bad actor takes credentials obtained from a data breach and attempts to login to another service
5 Ways to Easily Improve and Maintain Good Password Hygiene
- Avoid Password Reuse
- Encourage Employees to Use Strong Passwords or Passphrases
- Protect Organizational Passwords
- Encourage Employees to Consider When They Enter Their Password
- Implement Multi-Factor Authentication (MFA)
1. Avoid Password Reuse
Whilst not reusing passwords might seem a little obvious, it turns out 65% of people reuse the same password for multiple or all accounts. But it’s not surprising. Those with an active digital life can have an average of 100 passwords!
2. Encourage Employees to Use Strong Passwords or Passphrases
It is far easier, and more convenient, for employees to choose a password with memorable information in it – birthdays, names of someone close, or even the name of a pet – but these are far more likely to be picked up by password cracking software, leading your organization’s information, accounts and systems vulnerable.
Encourage employees to use strong passwords, or passphrases for their work account which are different from their personal passwords.
But what makes a strong password?
- Use long password combinations
- Include a mixture of numbers, symbols, lowercase, and uppercase letters
- Use 3 or more random words to create a passphrase
- Combine your passphrase with numbers, symbols and uppercase letters
The best passwords are long (around 16+ characters) and are completely random.
3. Protect Organizational Passwords
Employees will have personal passwords and when combined with the multiple systems involved to carry out their working day, it can be tempting to write their passwords down and keep them all in one place. It might be worth considering introducing a policy on keeping passwords secure and offering a place to store organizational passwords, such as a password manager.
4. Encourage Employees to Consider When They Enter Their Password
Work patterns over the last few years have changed vastly with more flexibility for employees to work in different locations. Encourage your employees to consider when they are entering their passwords.
- Is the website secure with an certificate?
- Is the network being used trusted and secure?
- Avoid clicking any suspicious links received via email
- Is there a need to access the system urgently, or can it wait until on a safe and secure network?
By minimising the opportunities for bad actors to access credentials through unsecure websites, networks and suspicious emails, organizational vulnerability will decrease.
5. Implement Multi-Factor Authentication (MFA)
Using strong passwords, protecting your passwords lists and staff education are good foundations to improving your password hygiene within your organization, but it’s just the start. Multi-factor authentication (MFA) offers a further layer of protection for organizations to let the right people (and devices) in to systems – and the wrong ones out.