Passwords are an important part of your security and also one of the easiest ways that hackers gain entry into your network. User credentials are constantly under attack. That’s why we’re talking about common password security mistakes and what you should do to avoid them.
We’ve discussed password security best practices before. We also talked about having regular cyber security training in your company. But even with these in mind, it’s important to highlight the common password security mistakes that you might be committing.
What are the risks of password mistakes?
The risks from committing these password mistakes are great. A compromised account, especially one without least-privileged access, can result in your most important information or devices being stolen or attacked. With the rise of ransomware attacks as well, we’ve highlighted in the past how compromised credentials can result in millions of dollars lost for companies whose credentials are compromised.
If you are committing the password security mistakes below, your risks increase more. Some of the mistakes below, though common, open you up to easily being compromised, from lack of barriers or because of reused or shared passwords.
Common Password Security Mistakes
Changing Passwords Too Often
Many companies have the routine of changing their passwords at regular intervals, even when there is no evidence that a password has been compromised. This presents various challenges for the user having to change the password. They need to remember something new, because it can’t be an old password, and it needs to be sufficiently complex.
This means many people have difficulties remembering their new password. Employees can end up forgetting, locking their selves out, or compensate by writing their passwords down to remember them, which compromises security of the password. All of these are bad outcomes.
A better solution is to have a password vault that will manage these complex passwords for you and remove the challenges and shortcuts people will take to login with their credentials as easily as possible.
Not Using Passphrases
Requiring a password to be more than 15 characters long and have a mixture of letters, numbers or characters is a big task for someone to remember. This is why passphrases should be used to remember such lengthy requirements. Instead of a mixture of random letters, numbers and characters, using a phrase, while substituting letters in the phrase with numbers, is far easier to remember and makes for a strong password.
Avoiding using passwords based on your personal information, like birthday, phone number, address or other personal information that is easy to discover should be avoided. These are too easy to crack, along with simple words that a dictionary-style attack could quickly discover.
Sharing of passwords is common. It’s also a big password security mistake. When everyone has the same credentials, your endpoints are not secure. It also amplifies issues of password management. If a person is terminated, you can not simply deactivate an account associated with that individual. Your problems instead become amplified and, in many cases, you may not even know what endpoints that individual even knew the passwords to when sharing is so rampant.
Not Using Multi-Factor Authentication
Passwords are too important to not protect with additional layers of authentication. If you aren’t implementing least-privileged access, you should at least be putting MFA to authenticate users. Make sure you aren’t committing this mistake by not protecting your passwords with additional methods of authentication.
There are a few reasons users commit this password security mistake. It’s hard to remember complex passwords, especially when you are in an organization that makes you change your passwords frequently (one of our other password security mistakes). To combat this issue, users may reuse their password across devices and accounts. Of course, this means that once one of them is compromised, the rest of them are compromised.
This highlights the importance again of using passphrases, so your passwords remain complex, but also easy to remember for yourself. It’s also another reason password vaulting is a great option to pursue as you look to increase your password management maturity.
Reduce Your Password Security Mistakes, Increase Your Cybersecurity
If you’re looking for quick security wins, examining how your business treats its passwords is a good place to start. Many of the mistakes we listed above are both common and easy to fix. If you’re looking to truly overhaul your password security and reach architectures likes Zero Trust, we have more resources for you.
Our Password Management Maturity Model and our Password Management Best Practices will help you see what you should be doing and also where you currently are on your journey to achieving a Zero Trust-worthy implementation in this area of your cybersecurity.
If you have any questions or want to know how we can help you, you can contact us here.