If you want security, you need a strong password.
“Weak or stolen passwords are responsible for more than 80 percent of hacking-related breaches,” according to Verizon’s 2017 Data Breach Investigations Report.
This year, Verizon has analyzed more than 53,000 security incidents and 2,200 data breaches to find that most were financially motivated.
Strong passwords may not outright prevent data breaches, but they can mitigate the damage.
Here’s how to audit your accounts for password strength.
Talk About Passwords
Include password strength as a topic in your security awareness program.
More than 6 out of 10 IT executives “who were asked what they were doing to enforce strong passwords reported that they rely exclusively on employee education,” according to a study commissioned by LastPass. “In other words, they instruct their employees on how to create their passwords using numbers, letters, and characters, as well as how to change them, but do not enforce these behaviors. From there, the employees are on their own.”
Change Your Passwords
Nearly one-third of those surveyed by Thycotic “have used or still use birthdays, addresses, pet names or children names for their work passwords.”
Passwords should instead be a string of characters, numbers, and symbols that is difficult to decipher.
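One way to enforce this rather than rely on education alone, shown as an added example that is not from the original article: a check run when a password is set, which flags candidates built from the personal details listed above or missing one of the three character types. The profile fields, finding codes, and substitution table are assumptions made for illustration.

```python
import re
from datetime import date

# Substitutions undone before word matching (constructed, not exhaustive).
LEET = str.maketrans("@4301!$57", "aaeoiisst")

def date_variants(d):
    """Digit strings commonly derived from a birthday."""
    y, m, dd = f"{d.year:04d}", f"{d.month:02d}", f"{d.day:02d}"
    return {y, m + dd, dd + m, m + dd + y, dd + m + y, y + m + dd,
            m + dd + y[2:], dd + m + y[2:]}

def personal_tokens(profile):
    """Collect lowercase words (3+ letters) and date strings from a profile."""
    words, dates = set(), set()
    for key in ("names", "pets", "address"):
        for value in profile.get(key, []):
            words.update(w for w in re.findall(r"[a-z]+", value.lower()) if len(w) >= 3)
    for d in profile.get("birthdays", []):
        dates |= date_variants(d)
    return words, dates

def audit(password, profile):
    """Return sorted finding codes; an empty list means these checks passed."""
    raw = password.lower()
    normalized = raw.translate(LEET)  # digits change here, so dates use raw
    words, dates = personal_tokens(profile)
    findings = set()
    if any(w in raw or w in normalized for w in words):
        findings.add("personal-word")
    if any(d in raw for d in dates):
        findings.add("personal-date")
    if not any(c.isalpha() for c in password):
        findings.add("missing-letter")
    if not any(c.isdigit() for c in password):
        findings.add("missing-number")
    if not any(not c.isalnum() for c in password):
        findings.add("missing-symbol")
    return sorted(findings)

# Constructed sample profile; every value is invented for illustration.
PROFILE = {
    "names": ["Dana Whitfield", "Oliver"],
    "pets": ["Biscuit"],
    "address": ["12 Maple Street"],
    "birthdays": [date(1985, 4, 12)],
}

if __name__ == "__main__":
    for candidate in ("B1scu!t0412", "maple2024", "tR9#vK2q!Lx7"):
        print(audit(candidate, PROFILE) or "no findings")
```

An empty result means only that none of these specific patterns were found, not that the password is strong.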
Use A Password Manager
Every company has many disparate systems. Most require separate passwords.
A password manager can help generate, store, and easily change each system’s password.
More than half of the organizations surveyed in the LastPass study said they did not have single sign-on available, meaning “that every required password change must be dealt with on an individual basis.”
The report also showed that nearly 7 out of 10 employees would use a password manager if one were available to them.
If employees say they would use a password manager, it might be wise to invest in one.
Use Two-Factor Authentication (2FA)
Passwords are one way to verify your identity to get into a system.
Two other ways, according to PC Mag, are “something you have,” such as a device, and “something you are,” such as your fingerprint. Authenticating yourself means combining two out of these three factors.
“Implementing 2FA on accounts will mean it takes a little longer to log in each time on a new device,” warns PC Mag, “but it's worth it in the long run to avoid some serious theft, be it of your identity, data, or money.”
Verizon adds that 2FA “can limit the damage that can be done if credentials are lost and stolen.”
Think about how strong the passwords are that employees in your organization are using. Perhaps it is time to audit the passwords and upgrade them to be more sophisticated in order to mitigate risk.