Password mistakes you may be making…

and how to fix them.

Despite the abundance of cybersecurity threats, consumers seem unfazed by the risks their own behaviours pose to their accounts.

While our brains are inundated with information every day and passwords can seem like a trivial detail, they become far more critical when we look at employee password behaviours and how they can put business information at risk.

Here are some password mistakes you may be making and how to fix them.

Thinking your passwords aren’t at risk.

Think your data isn’t valuable enough to make it worth a hacker’s time? Think again. While it might be obvious that a banking or PayPal account has value for hackers, over the past year, stories have emerged about hacked Airbnb, ride sharing and even food delivery accounts. Did you know that these logins can be sold by hackers on the dark web too?

Verizon’s 2017 Data Breach Investigations Report found that 81 percent of hacking-related breaches leveraged either stolen and/or weak passwords. A password can be a goldmine for hackers looking to exploit that information to get access to other accounts, data and more. Whether it’s your banking login or even a long-forgotten login to a shopping site or rarely used employee site, your password is almost always valuable to a hacker.

This is why users should treat every account as unique. Be sure not to share credentials and log-in information across sites, no matter how seemingly unimportant the accounts may be. And don’t make it easy for hackers to guess your password. Passwords should be lengthy and complex.

Reusing passwords at work and home.

We’ve all done it. You create a strong password that passes the security test on one website and decide to use that password over and over again. However, if a hacker gets access to a password used across multiple accounts, they have access to much, much more of your data.

While this can be problematic for your personal data security, it can become even riskier when this behaviour moves from home to the office where confidential information is stored for the business and numerous employees. An employee’s re-used password, obtained from the LinkedIn breach, was used to steal user credentials for more than 60 million accounts.

That’s why no two accounts should ever use the same password, whether at home or at work. Using unique passwords ensures that a breach at one website doesn’t result in a stolen account at another. Password generators can help to simplify the process and take the guesswork out of creating unique logins for each site. And using a password manager can help you securely keep track of credentials for each site. These tools can alert you when a password is duplicated across accounts and will allow you to change a password with the click of a button, which is beneficial following recent major breaches, like the Netflix breach.

Using your good old default password.

Default passwords like “admin” or “password” can leave your information defenceless against compromise. Whilst these passwords can be easy to remember for accounts we use every day like employee logins, they are also a hacker’s go-to for gaining access to your accounts. Default passwords are also a risk for any hardware or software you use to keep your business operating, from routers to collaboration software.

The good news is, this is an easy fix. You can change your password at any time. Consider using a passphrase instead of just a password. A passphrase is a string of words or phrases put together to create one long phrase that’s easy for you to remember, but difficult for anyone else to guess or crack.
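The reuse and default-password checks described in the two sections above, sketched as an added example that is not part of the original article or any password manager's own code. The vault entries are constructed sample data, and the 12-character minimum and the function name `audit` are assumptions for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# The two defaults named in the article; extend with vendor defaults you use.
DEFAULT_PASSWORDS = {"admin", "password"}
MIN_LENGTH = 12  # assumed policy threshold for a "lengthy" password

# Constructed sample vault of (account, password) pairs. Not real credentials.
SAMPLE_VAULT = [
    ("bank", "correct-horse-battery-staple-42"),
    ("food-delivery", "Summer2017!"),
    ("work-payroll", "Summer2017!"),
    ("office-router", "admin"),
    ("old-shop", "password"),
]


def audit(vault, min_length=MIN_LENGTH):
    """Return accounts that reuse a password, use a default, or are too short."""
    # Group by a keyed digest (random per-run key) so the grouping table and
    # the findings never contain the plaintext passwords themselves.
    key = os.urandom(32)
    groups = defaultdict(list)
    defaults, short = [], []
    for account, password in vault:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()
        groups[tag].append(account)
        if password.lower() in DEFAULT_PASSWORDS:
            defaults.append(account)
        if len(password) < min_length:
            short.append(account)
    # Any digest shared by more than one account means the password is reused.
    reused = sorted(sorted(accts) for accts in groups.values() if len(accts) > 1)
    return {"reused": reused, "default": sorted(defaults), "short": sorted(short)}


if __name__ == "__main__":
    for finding, accounts in audit(SAMPLE_VAULT).items():
        print(f"{finding}: {accounts}")
```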

Not using two-factor authentication.

While long, complex passwords are important, they are not sufficient on their own. Many websites now offer two-factor authentication for added security. Two-factor authentication means adding another login step when you’re signing into an account. It combines something you know (your password) with something else you have, like your phone or fingerprint, or even your location, that lets you approve a new login.

Whenever possible, turn on two-factor authentication with your accounts. The benefit of two-factor authentication is that, should your password somehow be compromised, the attacker still won’t be able to get into your account without the two-factor authentication information.

As today’s hackers have access to more tools and exploits, and cyber threats become more advanced, threats to our data within accounts of all kinds are becoming a daily occurrence. Whether it’s your food delivery account or your payroll login, it’s critical that we treat passwords as the first line of defence. Making these quick fixes to your everyday password habits can help minimize risk of a compromise to your personal information and limit your business’s attack exposure.

A great website to test the strength of your passwords is https://howsecureismypassword.net/