Don’t Fall Victim to Password Mistakes in the Office

Employees often have these five misconceptions when choosing passwords for work.

Strong password creation is a necessity in the workplace, yet a vast number of working individuals do not understand what exactly is required to generate a secure password.

This is problematic because passwords are the first and last line of defense against unauthorized access. Even though dual-factor authentication is more secure, the majority of devices, applications, and cloud-based services rely on a single password for login verification.

With the increasing occurrence of data breaches, employees need to acknowledge that poorly designed passwords essentially invite hackers to come in and snoop. Let’s start by addressing the most common mistakes people tend to make with password creation.

A good password policy needs to address the most common mistakes people make when coming up with passwords. Here are five of the most troubling patterns that business leaders in every industry are likely to face:

Hackers use purpose-built dictionaries to identify words in passwords. These dictionaries are typically arranged in the order of the statistical frequency of words used in passwords (i.e. they will check for “password” and “monkey” before checking for “fishbagel”), and they will usually find these words extremely quickly and leverage that knowledge to break the password within minutes.

Good passwords are based on strings of seemingly random characters. The key to making a good password is finding a formula that generates meaning out of those characters, or utilizing a password manager to create and remember random passwords.

Birthdays, pet names, phone numbers, addresses, and other easily identifiable information makes for a poor password. Any information that can be obtained off social media should not be included in a password.

Users should even keep private data out of their passwords for the simple reason that this data does not change. Good password policy requires setting a new password at least once every 90 days. If users are relying on the same data to make passwords, it is only a matter of time before a pattern emerges.

A password that consists only of letters is far easier to break than a password that consists of letters, numbers, and punctuation marks. Passwords that use these extra characters expand the number of potential combinations by an exponential degree.

For the ultimate in dictionary-defying password protection, use your keyboard’s alt codes (Mac users click here) to generate mathematical symbols like π, ∑, and ∂. This approach greatly multiplies the maximum number of potential combinations, making strong passwords easy to make and remember. It’s important to keep in mind, however, that many sites limit which special characters you can use, so don’t be surprised if you’re unable to use this option everywhere.

One of the easiest ways to ruin a perfectly good password is to use it across multiple devices or applications. A crucial element of good password policy is ensuring that if a password is stolen, the compromised system can be easily quarantined. Using the same password for multiple accounts and devices makes that impossible to do, amplifying the damage that a single stolen password can cause.

Another easy way to ruin a perfectly good password is to share it with another person. Regardless of whether it’s done through messaging platforms or a piece of paper, it’s bad policy among coworkers and executives, even when there’s a high degree of trust.

Even if the password is never compromised, shared accounts make it difficult for security professionals to generate a reliable audit trail. This means that if a security-related event occurs, the team will not be able to investigate effectively. Nobody will be able to interpret the security log to find out which user did what because multiple users were sharing the same account.

With opportunistic cybercriminals looking for identities to steal, financial accounts to compromise, and devices to install malware on, a good password remains one of the most valuable assets an employee can rely on.

For business leaders and IT administrators, good password policy is the only thing that reliably produces strong passwords on a company-wide basis. Since you can’t walk around asking your employees to share their passwords with you (for obvious reasons), you need to educate them to make good password choices themselves.

Cybersecurity is a dynamic field. Best practices have to change in response to new strategies and developments in the cybercriminal underworld. There is real value in choosing a security vendor that you can rely on to stay up to date with the latest advances in the field.

Dashlane

Dashlane is a web and mobile app that simplifies password management for people and businesses. We empower organizations to protect company and employee data, while helping everyone easily log in to the accounts they need—anytime, anywhere.

Read more