Password Strength: Audit Your Accounts Today


If you don’t want to fall victim to a cybersecurity incident, you need a strong password.

Having a strong password is a great first step in preventing a cybersecurity incident.

Weak passwords are among the many factors that make up the human element that can lead to a data breach. 

"The human element was a component of 68% of breaches," according to Verizon's 2024 Data Breach Investigations Report.

While strong passwords aren’t the only protection an organization can put up against data breaches, they can mitigate the damage.

Here’s how to audit your accounts for password strength, and what else you can do to protect your data.

 

Include Passwords in Security Awareness Programs

First, be sure to include passwords in your security awareness program—educate your employees (and customers) about what a good password looks like, how often it should be changed, and why passwords matter.

Be sure to highlight the following tips in your security awareness program:

  1. Keep passwords private—don’t share passwords with others.
  2. Use different passwords for different applications or accounts. 
  3. Use a mix of letters, numbers, and symbols, including uppercase and lowercase letters and special characters. 
  4. Consider using a passphrase instead of a more common password. 
  5. Use a password generator. 
  6. The more complex, the better. 
  7. Enter passwords only on private networks, not public networks like airport lounges, libraries, or coffee shops. 
  8. Beware of phishing scams that hackers use to steal login credentials.

 

What Should A Good, Strong Password Include? 

In your security awareness program, highlight examples of good passwords using the principles mentioned above. 

Passphrases are often preferred to passwords because they’re harder to guess.

For example, you may consider converting a phrase to an acronym and using that as your password:

ApIw1,0o0W ("A picture is worth a thousand words")

Find a phrase that is unique to you. 

 

What Does A Bad Password Look Like? 

Compared to secure passwords, bad passwords are commonly used and easy to guess.

The top 5 worst passwords in 2023, according to NordPass, were: 

  1. 123456
  2. admin
  3. 12345678
  4. 123456789 
  5. 1234

All of the top 5 passwords took less than a second to crack.

Bad passwords also include sensitive data such as birthdays, anniversaries, street addresses, and other information that is connected to the user. 

 

Use A Password Manager

Having a strong, unique password or passphrase for each of your accounts is challenging. 

That’s why we recommend IT departments install and enforce the use of a password manager across their network. 

Password managers store, update, and create strong passwords for online accounts. 

Most password managers also offer users and IT departments real-time security checks to help you understand whether specific passwords have been potentially compromised in a cybersecurity incident. 

Plus, password managers also help you understand the age of a password—industry regulations may dictate or recommend that passwords change regularly, such as every 30, 60, or 90 days. That way, you can know when an older password needs to be changed for a newer one. 
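The checks described above (worst-password list, character mix, personal data, password age) can be combined into one audit pass. This is an added example, not code from the article or from any password manager; the function names, the sample accounts, and the 90-day default are assumptions.

```python
from datetime import date

# The five worst passwords of 2023 listed in the article (NordPass).
WORST_PASSWORDS = {"123456", "admin", "12345678", "123456789", "1234"}

def _alnum(text):
    """Lowercase and drop separators so '1990-04-12' matches '19900412'."""
    return "".join(c for c in text.lower() if c.isalnum())

def audit_password(password, personal_data, last_changed, today, max_age_days=90):
    """Return findings for one account; an empty list means nothing was flagged.

    personal_data: strings tied to the user (birthday, street address, ...).
    max_age_days: rotation window (assumption: 90, one of the article's periods).
    """
    findings = []
    if password.lower() in WORST_PASSWORDS:
        findings.append("on worst-passwords list")
    # The article asks for lowercase, uppercase, numbers and symbols together.
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if not all(classes):
        findings.append("missing character classes")
    squashed = _alnum(password)
    for item in personal_data:
        token = _alnum(item)
        if len(token) >= 4 and token in squashed:  # skip tokens too short to mean anything
            findings.append(f"contains personal data: {item}")
    age = (today - last_changed).days
    if age > max_age_days:
        findings.append(f"{age} days old, limit {max_age_days}")
    return findings

# Constructed sample accounts; run this where the plaintext is available
# (for example at password-change time), never against stored hashes.
ACCOUNTS = [
    ("alice", "ApIw1,0o0W", ["1990-04-12", "Maple Street"], date(2024, 5, 1)),
    ("bob", "admin", ["1985-11-30"], date(2024, 1, 1)),
    ("carol", "MapleStreet#1990", ["1990-04-12", "Maple Street"], date(2024, 5, 20)),
]

def run_audit(accounts, today):
    """Map each user name to its list of findings."""
    return {user: audit_password(pw, pd, changed, today) for user, pw, pd, changed in accounts}

if __name__ == "__main__":
    for user, findings in run_audit(ACCOUNTS, date(2024, 6, 1)).items():
        print(user, findings or "ok")
```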

 

Use Multi-Factor Authentication (MFA)

Finally, we recommend—and some industries require—the use of multi-factor authentication (MFA) to help keep your sensitive information protected. 

MFA requires more than just a password to ensure the user logging in is the person who is supposed to be there. Enabling MFA for your business means that no matter how clever the criminal, they will still be missing one or more factors, preventing access. 

MFA has five key factors: 

  1. What the user knows. In other words, a password.
  2. What the user has. This is your answer to the list of security questions with which you’re provided to verify your identity upon logging in. 
  3. Who the user is. This is a face or fingerprint scan. 
  4. Where the user is. A device often sends messages to confirm the location from which it has been logged in. 
  5. What the user does. This could be a gesture or pattern the user needs to complete to unlock a device or account. 

Overall, we recommend a thorough audit of your business’s passwords in order to either achieve compliance or to implement best practices for your organization. 

By educating your team about the importance of strong passwords and password management, your business maintains a much better defense against cybersecurity threats than those who don’t. 

Passwords and MFA are just two components of a comprehensive data security plan.