Passwords: Security Boost or Risk?

Since remote work is here to stay, our focus on strengthening cybersecurity should be too. Verizon’s annual Data Breach Investigations Report indicates that cyberattacks are continuing to get more creative. That might make you a little nervous for your organization. Fortunately, though, there are simple steps you can take to boost security. Passwords are key (quite literally) to securing your organization against cyberattacks.

Passwords In the Cybersecurity Landscape

We’re all familiar with passwords and probably use them daily for multiple accounts. You’re likely using passwords regularly to log in to both work and personal accounts. However, if you’re like 75% of Americans, you’re frustrated. It’s just so hard to keep track of all your passwords! That statistic, by the way, comes from this report published by Google. It highlights a range of concerning facts about how we manage our passwords.

For instance, a quarter of Americans use easy-to-guess passwords like “abc123.” That’s no good for security. In addition, a majority reuse the same passwords across various accounts. This increases the potential for damage if a hacker gets hold of your password. Imagine if they get the password to your music streaming service and then use it to access your bank account! Since the pandemic, the risk has only grown. This IBM report found that the average adult created 15 new online accounts during the years of COVID. Even more concerning? We have no intention to “declutter” our accounts. We just keep reusing the same passwords in more and more places. It’s no wonder that the majority of cyberattacks target people as a primary security vulnerability.

For these reasons, this article from Forbes identifies passwords as a major security risk for organizations. The majority of security breaches involve the misuse of credentials. For example, one common type of security incident involves credential stuffing. That’s when hackers use the password they obtained through one site to access a bunch of other accounts too. This wouldn’t be possible if not for our poor password hygiene.

Mistakes to Avoid

Let’s look at some of the most common mistakes we make when it comes to our passwords. As mentioned above, a common problem is using the same password across multiple sites. This video from CNET explains why this happens. We’ve usually got dozens of online accounts. Is it really realistic to have a distinct password for each one? How could we even remember them all?

Still, there’s no excuse for not at least creating a more complex password than “password.” According to this Forbes article, that’s the most common variant! The runner-up: passwords that simply use a string of numbers in sequence like “123456.” Other common passwords include other basic, generic strings of numbers like “111111” or “123123.” If your passwords are that simple, they’re super easy to hack. Remember, according to the data, about 25% of us are falling into this pitfall.
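For organizations that want to enforce this at signup or password change, here is a short screening check, added as an illustration and not taken from any of the articles cited here. It goes a little beyond the exact strings quoted above by catching any simple sequence or repeated pattern; the denylist holds only this article's examples, and the 12-character minimum is an assumed policy value.

```python
import re

# Constructed denylist: only the examples quoted in this article.
# A real deployment would load a much larger breached-password list.
COMMON = {"password", "123456", "111111", "123123", "abc123"}


def _is_sequence(s: str) -> bool:
    """True if every character is one step above (or below) the previous one."""
    if len(s) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def _is_repeated_unit(s: str) -> bool:
    """True if s is a shorter unit repeated, e.g. '111111' or '123123'."""
    return re.fullmatch(r"(.+?)\1+", s) is not None


def weakness(password: str, min_length: int = 12) -> list[str]:
    """Return the reasons a password is rejected; an empty list means accepted.

    min_length=12 is an assumed policy value, not a figure from the article.
    """
    reasons = []
    lowered = password.lower()  # "Password" is no better than "password"
    if lowered in COMMON:
        reasons.append("on common-password list")
    if _is_sequence(lowered):
        reasons.append("simple sequence")
    if _is_repeated_unit(lowered):
        reasons.append("repeated pattern")
    if len(password) < min_length:
        reasons.append("too short")
    return reasons


if __name__ == "__main__":
    for candidate in ["password", "123456", "111111", "123123",
                      "abcdefghijkl", "correct horse battery staple"]:
        print(f"{candidate!r}: {weakness(candidate) or 'accepted'}")
```

Returning the reasons rather than a bare yes/no lets the signup form tell the employee what to change.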

Then, of course, you have our bad habits. This article points out quite a few. According to the data from Google, about 40% of Americans share their passwords with others. That’s never a good idea, even with someone you trust. I once had a supervisor give me the password to her work account. This isn’t just something we do with loved ones; it’s a workplace issue as well. You’d think that at least, people would change their passwords regularly to reduce vulnerability. However, only about one-third of Americans do so.

Whether you’re an employee or an organizational leader, you should be concerned. Imagine that someone with access to your business accounts is making these mistakes. They’ve been using the password “123456” on both personal and work accounts for years, and other people know this. How can you protect yourself from this kind of liability?

Next Steps for Organizations

This article details a range of steps organizations can take to shore up their cybersecurity. First, it’s important to set clear standards for password security at work. This will start with providing some basic cybersecurity awareness training. (Remember, this should be part of both the onboarding process and continual professional development.) Talk about the key points I’ve made above first. Make sure people generally understand why password hygiene matters. Explain how they might be falling short.

Then, outline the expectations at your organization. This will likely include introducing employees to security tools you want them to use. For instance, you may want everyone to use a certain password management software or multifactor authentication (MFA). If so, choose software with a well-designed user experience. This will make it easier for your employees to get started with these new tools. For instance, some password managers have browser plugins that autofill passwords for you. That may involve a lot less friction than using an app for MFA.

Of course, you could always go for a much lower tech solution. This article reminds us that once upon a time, companies used to issue passwords to their employees. (And password resets weren’t an option.) I know this can sound annoying and patronizing, but there are clear advantages. First, it’s free. Second, it eliminates any vulnerabilities related to employees reusing passwords between personal and work accounts. If you implement this policy, it’s important to communicate openly with employees and acknowledge concerns they may have about privacy or anything else. Even so, that doesn’t mean it’s not worth considering.

Fill Your Cybersecurity Toolbelt

With that said, you can certainly harness the power of modern technology to bolster your organization’s security. I’ll explain a few of these options so you can consider what would best suit your needs. First is the password manager, as mentioned above. This software will store all your passwords in one secure location online. This makes it possible for people to create a bunch of unique passwords without needing to memorize all of them. Password managers can also randomly generate these passwords, making them even more secure. Here’s a list of the best password managers available in 2023. Check it out if this option interests you.

Meanwhile, this article touts biometric-based passwords as an even better option. This means using your fingerprint or facial recognition to access an account. For obvious reasons, this is more secure than a regular password or even MFA, which relies on what you know (a password) and what you have (a device). Biometrics are tied to who you are. Utilizing passkeys based on biometrics can also be much more convenient than jumping through the hoops of MFA. Fortunately, more resources are emerging to encourage developers to include the option for this kind of authentication. This resource created by Google is just one example.

Finally, this video by CNET encourages the adoption of physical security keys to replace passwords. These keys often plug into devices via USB, so they’re not vulnerable to online hackers. Other kinds can also pair with devices wirelessly through Bluetooth technology. Workplaces that provide their employees with security keys certainly have fewer holes in their defenses than those relying on passwords.

What Individuals Can Do to Protect Passwords

What if your organization isn’t taking the steps above? Or what if you’re an independent contractor or entrepreneur? There are steps every individual can take to improve their password hygiene. This article provides some basic ideas to get you started. First, create unique passwords for all of your accounts. Make sure they’re complex too—no more of that “123123.” You can utilize a password manager to help you keep track of all these.

Once you have those passwords set, build in good habits to maintain cybersecurity. For instance, keep your passwords private. Avoid sharing them with others. Also, regularly audit your online accounts. Delete the ones you don’t use anymore. This will minimize your vulnerability to hackers. As a last line of defense, you can use this website to check if your credentials have been compromised in a major data breach.

However strong your passwords are today, you can almost certainly do more to protect yourself from cyberattacks. Especially in the workplace, security is key. And passwords are the key to that security. So start locking down your password hygiene today!