Poor password hygiene can create critical security risks. These unsafe practices make it easier for cybercriminals to crack or steal passwords using malicious software, tools, or social engineering to access employees' personal identifiable information, compromise websites and system data, and make organizations vulnerable to preventable cybersecurity breaches. Some of the most common poor practices include:
- Using weak or predictable passwords, such as “12345” or “password” or names of family members or pets.
- Using short passwords, or overemphasizing password complexity over length.
- Reusing passwords across multiple accounts, even if the password is strong enough.
- Storing passwords insecurely, such as on sticky notes, as plaintext files, or as unencrypted documents.
- Sharing login credentials with colleagues or family members.
- Not using password managers.
To maintain data security and protect the organization against cyberattacks, the following best practices can be put in place:
Make long passwords
Short passwords are easy for hackers to break using password-cracking software. Short passwords of six characters or less can be broken relatively easily; however, with each additional character the password becomes significantly more time-consuming, and therefore difficult, to crack. Passwords should be at least eight characters long as they are exponentially more difficult to crack than a six-character password.
Although password complexity (using upper case letters, numbers and special characters) is also desirable, according to the National Institute of Standards and Technology (NIST) it is not nearly as important as password length. A good password can be three random words or a phrase of appropriate length.
Use a Password Manager
Passwords are vulnerable when they are easy to guess or when they are made public after a data breach. Password managers mitigate both risks by generating and saving complex, random passwords unique to each of a user’s accounts. Complex passwords are difficult to guess, and if one is exposed in a data breach the damage is minimized because it is not shared among the user’s other accounts.
Password managers offer free and paid options. Standalone password managers (e.g., 1Password, LastPass, Bitwarden) are typically best due to their features and flexibility, but built-in browser or operating system password managers may also meet needs. Additional password manager features include the capability to store other sensitive information (credit card numbers, addresses, etc.) as well as options to share passwords without revealing them.
Enable Multi-Factor Authentication (MFA)
After they enter a password, MFA prompts users for another way to prove their identity, such as via mobile app notification, biometric scan, or text message (SMS) code. Even the best passwords aren’t immune to being cracked or exposed to a breach; MFA is a crucial layer of additional protection.
MFA availability varies, but many banking, shopping, social media, email, and other online services provide it. MFA can also be used to protect password managers for an additional layer of defense.
Related
Tags
Intelligence Analysis
Russia, Ukraine: Conflict Negotiations Likely to Start in Complex Strategic Environment
The Ukraine conflict is set for significant changes in the coming months following the inauguration of US President Donald Trump.
By Chris Clough
February 21, 2025
Intelligence Analysis
Heightened Tensions Between New Government and Minority Groups in Syria Likely to Persist
Relations between the new Hayat Tahrir al-Sham (HTS)-led government and minority groups will likely remain tense despite the Islamist group's assurances to protect minority rights.
By Dalilah Dawood
February 20, 2025
Case Study
US Retailer to Protect Employees and Sites Nationwide with Crisis24 Risk Management
A major US retailer with thousands of locations nationwide chose Crisis24 for its first security and travel risk management program.
February 19, 2025
Intelligence Analysis
Poliovirus Detected in European Wastewater in Late 2024, Underscoring Importance of Vaccination
Poliovirus was detected in wastewater across multiple European countries in late 2024, highlighting the need for continued surveillance and vaccination efforts.
By Robyn Mazriel
February 17, 2025