Password Strength: Audit Your Accounts Today


If you don’t want to fall victim to a cybersecurity incident, you need a strong password.

“Breaches, as always, continue to be mostly due to external, financially motivated actors. And 61% of breaches involved credential data,” Verizon revealed in their 2021 Data Breach Investigations Report of nearly 30,000 cybersecurity incidents.

Having a strong password is a great first step in preventing a cybersecurity incident.

While they aren’t the only protection an organization can put up against data breaches, they can mitigate the damage.

Here’s how to audit your accounts for password strength, and what else you can do to protect your data.


Include Passwords in Security Awareness Programs

First, be sure to include passwords in your security awareness program—educate your employees (and customers) about what a good password looks like, how often it should be changed, and why passwords matter.

Be sure to highlight the following tips in your security awareness program:

  1. Keep passwords private—don’t share passwords with others.
  2. Use different passwords for different applications or accounts. 
  3. Use a mix of uppercase and lowercase letters, along with numbers and special characters or symbols.
  4. Consider using a passphrase instead of a simpler password.
  5. The more complex, the better. 
  6. Enter passwords only on private networks, and not on public networks like in airport lounges, libraries, or coffee shops. 
  7. Beware of phishing scams, which are designed to trick users into handing their login credentials to attackers.


What Should A Good, Strong Password Include? 

In your security awareness program, highlight examples of good passwords using the principles mentioned above. 

Passphrases are often preferred to passwords because they’re harder to figure out. 

For example, you may consider converting a phrase to an acronym and using that as your password:

Phrase: A picture is worth a thousand words
Password: ApIw1,0o0W

Find a phrase that is unique to you. 


What Does A Bad Password Look Like? 

Compared to good passwords, bad passwords are commonly used and easy to guess. 

The top 10 worst passwords in 2020, according to NordPass, were: 

  1. 123456
  2. 123456789
  3. picture1
  4. password 
  5. 12345678
  6. 111111
  7. 123123
  8. 1234567890
  9. Senha
  10. 1234567

Combined, those passwords were exposed nearly 50 million times. 

Most took less than a second to crack.

Bad passwords also include sensitive data such as birthdays, anniversaries, street addresses, and other information that is connected to the user. 
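The checks described in the last three sections can be turned into a small audit script. The following is an added example, not code from the original post: it flags passwords that appear in the NordPass top-10 list quoted above, are too short, lack a mix of character classes, consist of one repeated character, contain personal data supplied by the user, or are reused across accounts. The 12-character minimum and the sample accounts are constructed assumptions for the illustration, not figures from the post.

```python
import re

# The ten worst passwords of 2020 as listed in this post (NordPass), lowercased.
WORST_PASSWORDS = {
    "123456", "123456789", "picture1", "password", "12345678",
    "111111", "123123", "1234567890", "senha", "1234567",
}

MIN_LENGTH = 12  # assumed policy minimum for this example; not a figure from the post

ALL_CLASSES = {"upper", "lower", "digit", "symbol"}


def character_classes(pw):
    """Return the set of character classes present in pw."""
    classes = set()
    for ch in pw:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def audit_password(pw, personal_info=()):
    """Return a list of findings for one password; an empty list means every check passed.

    personal_info holds strings such as a name, birth year or street that must not
    appear inside the password (the post's 'sensitive data' rule).
    """
    findings = []
    if pw.lower() in WORST_PASSWORDS:
        findings.append("appears in the worst-passwords list")
    if len(pw) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    missing = ALL_CLASSES - character_classes(pw)
    if missing:
        findings.append("missing character classes: " + ", ".join(sorted(missing)))
    lowered = pw.lower()
    for item in personal_info:
        # Ignore very short fragments so that a single digit does not trigger a match.
        if len(item) >= 4 and item.lower() in lowered:
            findings.append(f"contains personal data '{item}'")
    if re.fullmatch(r"(.)\1+", pw):
        findings.append("single repeated character")
    return findings


def audit_accounts(accounts, personal_info=()):
    """Audit a mapping of account name -> password.

    Besides the per-password checks, any password that serves more than one
    account gets a reuse finding (the post's 'different passwords for different
    accounts' rule).
    """
    report = {user: audit_password(pw, personal_info) for user, pw in accounts.items()}
    users_by_password = {}
    for user, pw in accounts.items():
        users_by_password.setdefault(pw, []).append(user)
    for users in users_by_password.values():
        if len(users) > 1:
            for user in users:
                report[user].append("reused across accounts: " + ", ".join(users))
    return report


if __name__ == "__main__":
    # Constructed sample accounts for the demonstration.
    sample = {
        "mail": "ApIw1,0o0W!xZ",
        "vpn": "ApIw1,0o0W!xZ",
        "crm": "Jane1990Street!",
        "wiki": "picture1",
    }
    for user, findings in audit_accounts(sample, ["Jane", "1990"]).items():
        print(user, "->", findings or "ok")
```

Because the script needs plaintext passwords, it belongs where plaintext is legitimately present for a moment: inside a password manager's health check or in the validation step when a user sets a new password, never over a stored list of credentials.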


Use A Password Manager

Having a strong, unique password or passphrase for each of your accounts is challenging. 

That’s why we recommend IT departments install and enforce the use of a password manager across their network. 

Password managers generate, store, and help you update passwords. 

Most password managers also offer users and IT departments real-time security checks to help you understand whether specific passwords have been potentially compromised in a cybersecurity incident. 

Plus, password managers also help you understand the age of a password—industry regulations may dictate or recommend that passwords change regularly, such as every 30, 60, or 90 days. That way, you can know when an older password needs to be changed for a newer one. 


Use Multi-Factor Authentication (MFA)

Finally, we recommend—and some industries require—the use of multi-factor authentication (MFA) to help keep your sensitive information protected. 

MFA requires more than just a password to ensure the user logging in is the person who is supposed to be there. Enabling MFA for your business means that no matter how clever the criminal, they will still be missing one or more factors, preventing access. 

MFA has five key factors: 

  1. What the user knows. In other words, a password.
  2. What the user has. This is your answer from the list of security questions with which you’re provided to verify your identity upon logging in. 
  3. Who the user is. This is a face or fingerprint scan. 
  4. Where the user is. A device often sends messages to confirm the location from which it has been logged in. 
  5. What the user does. This could be a gesture or patterns the user needs to complete to unlock a device or account. 

Overall, we recommend a thorough audit of your business’s passwords in order to either achieve compliance or to implement best practices for your organization. 

By educating your team about the importance of strong passwords and password management, your business maintains a much better defense against cybersecurity threats than those who don’t. 

Passwords and MFA are just two components of a comprehensive data security plan. How many of these 20 safeguards does your business protect against? Download your Data Security Checklist today!
