All types of businesses need to ensure the security of their data against unauthorized access. Recent incidents like the data breaches at Target and JP Morgan have exposed millions of individuals to the risk of identity theft and inflicted substantial financial damage on businesses and financial institutions.
Even the most robust data security system has a weak point: the authorized access point protected by passwords. If hackers can gain access to your username and password, they can log into your system and gain unauthorized entry to all of your information and system controls, potentially causing significant financial harm.
Despite this, many people make simple mistakes that make their passwords more vulnerable to attacks. Being aware of password mistakes is the first step in avoiding them and enhancing your company’s IT security.
The Common Password Mistakes
#1 Put Personal Data into the Password Basis
CNN’s list of major password mistakes includes one that stands out. Many individuals struggle with memorizing a random combination of alphanumeric characters, leading them to choose a password that’s easily remembered.
One common strategy is to use personal details like their name, date of birth, or Social Security Number. Unfortunately, this approach creates a weak password that is susceptible to guessing.
People often reveal such information in social media posts or when applying for loans. Determined hackers actively seek out this data to aid their attempts in guessing your passwords.
#2 Don’t Encrypt Passwords
Even the most complex password will not be able to provide data security if it is simply intercepted by an attacker during your authorization. To reduce password risks, you can use a VPN or dVPN. You can read more about what is a decentralized VPN (dVPN) at the link. For example, it can be VeePN, which is a decent option, but you are free to choose for yourself.
#3 Repeating Passwords
Using the same simple password repeatedly is not advisable, but it is even worse to use that identical password across multiple apps and sites.
According to SpyCloud, approximately 64% of people have reused a password that was compromised in a breach, as stated in their 2022 annual identity exposure report.
If a site asks you to change your password, avoid reusing any previous passwords as they might have already been stolen. It’s better for people to update their passwords at least every 90 days.
#4 Enter Password In Wrong Place
Most unfortunate, but it doesn’t require much effort for malicious individuals to acquire passwords. They employ various tactics, collectively known as phishing, to deceive unsuspecting individuals. One such method involves making a phone call while impersonating a representative from a business you use and coercing you into divulging sensitive information.
Another approach entails sending an email masquerading as a website, service, friend, or colleague, with a link for you to click. Clicking on the link will either redirect you to a counterfeit website that requests your private information or initiate the launch of malware onto your computer. There are special databases into which phishing attacks are recorded. Some VPNs, evenVPN Edge extensions, can read them and alert you about vulnerabilities. This is not a panacea, but it still significantly reduces the likelihood of hacking.
#5 Using Almost Identical Passwords
Your employees now understand that using the same password is not advisable. However, they may attempt to use similar passwords, such as changing "530eastoakstreet" to "531eastoakstreet". Regrettably, password-guessing programs possess advanced capabilities to detect this.
Another common practice among employees is adding special characters, like "!" at the end of their password. However, such attempts are futile in enhancing cybersecurity since password-guessing software easily identifies this strategy. Special characters effectively enhance password security only when used within the password, and not at the beginning or end.
#6 Using Simple Sequences
Creating an easy-to-remember password once again leads to a highly weak password. People often use overly simple letter or number combinations like qwerty, 123456, abc123, 0987654321, and more. These are commonly used and extremely easy to guess, despite being easy to remember without any password hints. Fortunately, most business software rejects such weak passwords.
#7 Password Sharing
If an employee shares their password, even a strong and random combination of uppercase and lowercase letters, numbers, and symbols, the strength of the password will be pointless. Sharing any type of account information almost guarantees compromising the account’s security. To ensure account security, it is crucial for employees to comprehend and follow basic password protection measures, avoiding password sharing.
#8 Preservation of Accounts of Dismissed Employees
At best, terminating an employee is bothersome, and at worst, it’s outright unpleasant. However, regardless of the circumstances surrounding an employee’s departure, it’s crucial to promptly revoke their system access.
Even when the termination is amicable, it is too risky to leave an ex-employee with an account and password that can access your system. The likelihood of their account information being leaked is simply too high to take that risk.
#9 Storing Passwords In Unsafe Places
Your employees understand the importance of using unique passwords and avoiding simple, easily guessable ones. To manage these passwords effectively, they may create a document or email them to themselves. However, this practice is extremely risky and highly sought after by hackers. If any malware infiltrates the computer containing this information, hackers will meticulously search the entire hard drive until they locate what they seek. Rest assured, a determined hacker will ultimately succeed.
Passwords are what protect us all from data theft. You definitely shouldn’t neglect them, otherwise leaks can be large-scale, especially if you have the same passwords everywhere. You don’t want to lose everything at once, even access to payment accounts? It is worth paying attention to passwords and avoiding the listed mistakes. Knowing where you went wrong automatically hints at needed changes in your password strategy.