Passwords are the oldest way to establish identity. The benefits of passwords outweigh their limitations, which is why many attempts to eliminate the use of passwords completely have been unsuccessful. Used carefully, they can be both secure and convenient.
However, passwords can be a double-edged sword. They can be very effective when used properly, but they can also become a threat if misused – and this is where your employees play a critical role.
In order to work properly, passwords need to be ‘strong’, meaning that they need to be long and contain mixed characters (letters, numbers and symbols). A passphrase – a sentence that contains uppercase and lowercase characters, punctuation or symbols, and numbers – is the perfect example of a ‘strong’ password.
‘Weak’ passwords are a real threat to your organisation. These are the classic ‘123456’ passwords, or the ones containing birth dates, sport teams’ names etc. The use of these passwords is way more common than you think, and a lot of employees underestimate the danger of using these passwords for both work and personal accounts.
Unfortunately, data breaches and weak passwords go hand in hand like bread and butter. Hackers attack accounts that use weak passwords and those that reuse the same passwords. So it makes no difference how good your internal policies and procedures are or how strongly your cyber security systems are configured: if you’re using weak passwords, you are already on the target list.
Password management can be an issue. We see too many cases of employees having their passwords written down on post-it notes or saved in an MS Word file. If the post-it is misplaced or, worse, lost, there is a serious risk to your organisation’s security. If you are hacked and passwords are stored in MS Word files, then your passwords will fall directly into the cyber criminals’ hands and immediately all your systems and applications are vulnerable.
To help minimise the risk of employees using weak passwords, organisations should configure systems to require ‘strong passwords’ when creating user accounts and frequently advise their staff on how to create and manage strong passwords. These are some of the tips you could give them:
- Choose a unique phrase or string of words that’s easy to remember but difficult for hackers to guess.
- Encourage employees not to reuse their work password, especially across work and personal devices and accounts.
- Implement a password management application.
Having employees use strong passwords plays a critical role in your cyber security strategy, so fostering a culture of cyber security awareness in your organisation, complemented with training, is very important.