Updating your passwords consistently is an essential security tool.
Part of protecting a company’s data and systems from threats requires knowing when that company’s credentials have been compromised and that compromise isn’t always on them. A third-party breach could put corporate passwords at risk unexpectedly. IBM states it takes an average of 197 days for a company to recognize it was breached. That means if you have employees who are using their company email and password across multiple sites (ex: LinkedIn, QuickBooks, CRMs, DMS, Fantasy Football, Twitter, Facebook) and one of those outlets gets hacked, that stolen data can easily give hackers access to your company’s line of business applications, servers, emails, etc.…
So, is updating your password regularly enough? Not quite.
Two Factor Authentication is also an important way to monitor when your accounts are being accessed. In brief, two factor authentication (2FA) was invented to add an extra layer of security to the now considered old-fashioned and insecure login procedure of entering a username and password. With 2FA-enabled login procedures, you will first enter your username and password on the computer and then receive either a text message to your phone providing you with a verification code or you can use 2FA applications that provide you with a new code every 5-10 seconds. You must enter that verification code on the computer to complete the login procedure.
Our security experts suggest changing your password once every 30-90 days.
Although, the most important factor is simply creating a best practice that automatically forces everyone in the organization to change their password. Bad passwords are bad news and it pays to notice what makes a password good or bad. Here’s a look at five big mistakes that many people make when choosing a password, plus two ways to stop bad passwords from putting your company data and systems at risk.
Number one – don’t show your team spirit! Wear your team pride on your sleeve but keep it out of your password. Using a popular sports team or slogan in your password is about as smart as tagging your mascot in on defense.
- Rollt1de
- Yank34s
- St33l3r5
- E@gl3s
- R3d50x
Number two- even using sports in general is not a good idea. Sports fans can quickly find themselves on the receiving end of a penalty like a data breach with these insecure passwords.
- Basebal!
- Footb@ll
- S0cc3r
- H0ck3y
- T3nn1s
Number three- don’t use popular cartoon or comic book characters.
- 5pid3rm@n
- 5n00py
- M!ck3y
- Sup3rm@n
- B@tm@n
Number four- songs and bands are also very commonly used. Even though it’s smart to use multiple characters, letters, and numbers in your password, don’t use names of popular bands!
- blink182
- rush2112
- b3atle5
- bl0nd!3
- 8675309
Number five- don’t use common first names when creating passwords. It’s far too easy for cybercriminals to leverage social media.
- G30rg3
- Mich@3l
- Hunt3r
- Ch@rl0tt3
- M@tth3w
While education and complexity can help combat bad passwords, they’re almost inevitably still going to be a problem. A recent Dark Web dump revealed that over 40 employees from the World Health Organization (WHO) were using “password” as their password! Mitigate the risk of a password-related data breach or other cybersecurity disasters by adding a policy that forces everyone to reset their password on a regular basis and enable a multi-factor authentication solution.
Using a password manager like LastPass is a great way to keep passwords locked away and not have to memorize all of them!