Eight common password mistakes to avoid

Research points out that more than 80% of data breaches happen due to password hacking, meaning that poor password hygiene is responsible for a majority of cybercrimes that follow data breaches. To make better sense of this statistic, let’s first look at what constitutes poor password hygiene.

Using simple passwords

Often, passwords that are easy to remember are also easy to hack. Do you use passwords such as password, password1234, delta123, etc.? If yes, then you should change them at the earliest to something less obvious.

Repeating passwords across platforms

As another way of remembering passwords, people tend to use a single password everywhere. This weakens the password even if it is a strong one. Plus, there’s always the risk that the password is hacked in one place, putting the data stored in all the other places at risk as well.

Unauthorized password sharing

Unauthorized password sharing for the sake of getting things done faster is a very real problem. For example, someone is on leave and someone else needs access to a particular file from their computer. The employee who is on leave shares the password and that can result in a security compromise.

Writing down passwords

This is the most obvious, yet oft-made, password mistake. Just so they don’t forget their passwords, people tend to write them down on a piece of paper or in a diary, or sometimes store them on their phone. You know what can follow if the piece of paper, the diary or the phone is stolen. The same goes for storing passwords in email if the email server is compromised.

Not revoking access on time

Cases where ex-employees’ login credentials were used to hijack company data are not unusual. When companies forget to revoke the access of employees as they move out of the department or organization, they leave a gaping cybersecurity hole open, which is easy to take advantage of.

Not updating passwords

Using the same password for years or even months can be risky. Passwords should be changed every 3 months and perhaps even sooner for critical applications.

Single factor authentication

For the more critical areas, multi-factor authentication must be deployed. Relying on a password alone is a huge cybersecurity risk. Multi-factor authentication includes tokens, biometric authentication, OTPs, etc., which make it very difficult to hack into the application.

These are some of the basic password mistakes that almost everyone is guilty of at some point. You can prevent these from happening in your organization by educating your staff about them and training them well to cultivate good password hygiene.
