Using weak passwords, or reusing the same password across multiple accounts, can create critical security risks. These unsafe practices make it easier for cybercriminals to crack passwords using malicious software, tools, or social engineering to access employees' personally identifiable information, compromise websites and system data, and make organizations vulnerable to preventable cybersecurity breaches. Safeguard your account data and organization against cyberattacks by ensuring you follow these best practices for password security:
Use a Password Manager
Passwords are weak when they are easy to guess or when they are made public after a hack. Password managers mitigate both risks by generating and saving complex, random passwords unique to each of your accounts. Not only are these complex passwords difficult to guess, but even if one is exposed in a data breach, the damage is minimized because it is not shared among your other accounts.
Password managers offer free and paid options. Standalone password managers (e.g., 1Password, LastPass, Bitwarden) are typically best due to their features and flexibility, but your built-in browser or operating system password manager may also meet your needs. Additional password manager features include the capability to store other sensitive information (credit card numbers, addresses, etc.) as well as options to share passwords without revealing them.
Enable Multi-Factor Authentication (MFA)
After you enter your password, MFA prompts you for another way to prove your identity—often a text message code, mobile app notification, or biometric scan. Even the best passwords aren’t immune to being cracked or exposed in a breach; MFA is a crucial layer of additional protection.
MFA availability varies, but many banking, shopping, social media, email, and other online services provide it. Accounts you created years ago may not have offered MFA at the time, so check your security settings to see if MFA is now available. And of course, you can use MFA to protect your password manager for the best combination of defense.
Crisis24 provides in-depth intelligence, planning, and training, as well as swift and actionable responses to keep your organization ahead of emerging risks. Contact us to learn more.
Author(s)
Justin Phelps
Chief Information Security Officer
Justin Phelps leads Crisis24's information security program. He is responsible for establishing Crisis24's cybersecurity strategy and aligning it with client expectations and business objectives.