Holli's IT Blog for Non-IT People

Best Practices in Password Security to Share With Your Employees

Written by Holli Houseworth Langford | May 15, 2024 8:07:31 PM
It might sound like the same old story, but trust me when I say it's not. We see it every day. Employees' passwords are still getting guessed by hackers. We have clients send us their passwords through email in plain text almost every other day. And when I say the passwords are weak, I am saying the passwords are WEAK. So for best practice, assume you have employees who are reusing passwords from their personal accounts and using weak, easy-to-guess passwords. Passwords are the most common defense against unauthorized access to computers and systems, but they're often ineffective due to poor user habits. Let's look at some best practices, strategies, and some dos and don'ts.

 

What can be done to make passwords as effective as possible?

Your best option is to use a password manager. For more information on that, read our blog: https://cloud-cover.me/hollis-blog/10-cybersecurity-tips-business-to-implement

Include a mix of upper and lowercase letters, numbers, and special characters, such as $ ! & %, etc. 

Use a passphrase instead of a password. An example could be ATreehas86GR8AppleZ! 

Use different passwords for all accounts, especially personal and work accounts; those should always be different.

Use Multifactor Authentication (MFA) when possible. Factor one is something you know, such as your password. Additional factors will be something you have, such as a text message sent to your phone or your fingerprint or Face ID.

Here are some things that you shouldn't do: 

Don't use your personal information as part of your password; it's too easily found on the internet.

Don't store your passwords in Chrome or other internet browser password managers. While this might seem more secure, these actually store your passwords in clear text, so if someone accesses your machine or your Google account, they will have access to all of your passwords.

Don't keep your passwords written down on a piece of paper or a notebook near your computer.

Don't use the same password for multiple accounts, or variations of the same password.

Do not email or text your passwords to anyone. You shouldn't be sharing them with anyone anyway.

If you think that this is all old news and everyone knows these best practices and none of your employees are putting your business at risk because of bad password practices, think again. According to Security Magazine, 3 in 4 people are at risk of being hacked due to poor password practices. 

If you are concerned that your credentials or your employees' credentials could be at risk, we can run a dark web scan report for you. The report will show us if you or anyone using a company email has had their email or passwords involved in a breach. We can send you the report, and it takes us about 10 minutes to run the report for you. To find out more about that, check out our page: cloud-cover.me/free-dark-web-scan-offer

Please share these best practices and Dos and Don'ts with your team. It could mean the difference between your organization's data security and a breach.