Passwords are continually under assault. Hackers want them because they’re the keys to getting into accounts of all kinds, including online banking, cloud software like Microsoft 365, online shopping with saved credit cards, and much more.
Most business activity happens in the cloud these days, and often a username and password are all that protect sensitive information. Password compromise is responsible for approximately 77% of all cloud account breaches.
Having an account hacked can have costly consequences that range from credit card theft to a ransomware infection that requires immediate computer repairs.
74% of phishing attacks involve credential theft.
Unfortunately, phishing scammers and password thieves benefit from the fact that many users still have poor password habits. They’ll use weak passwords, store passwords using non-secure methods, and use the same password for multiple logins.
Beyond bad password security, large data breaches also compromise user passwords. So far in 2021, there have already been breaches of user information at Facebook, U.S. Cellular, Kroger, and GEICO. Many data breaches like this expose user logins, which are then sold on the Dark Web.
Protecting passwords is one of the most important IT security basics for any business.
Smart Ways to Secure Your Passwords
Use a Password Manager
The average person has approximately 100 passwords they need to keep up with, including for both business and personal logins. You would have to have a photographic memory to be able to remember 100 different passwords, especially if they were all a combination of letters, numbers, and symbols.
So, people resort to storing passwords insecurely, such as in an unprotected spreadsheet named “passwords” or as contacts in their email application. Some will even use sticky notes.
A password manager gives you a secure way to store passwords. They are encrypted and only accessible through one master password. So, users can have strong, unique passwords stored safely for all logins and only need to remember one to access all the others.
Password managers are available in both personal and business plans and can be used to securely store other sensitive information as well, such as company credit card details.
Implement Multi-Factor Authentication
The best defense against password theft is to have a second requirement for your logins. With MFA enabled, the password is not enough to gain access. The user must also input a code that is sent to a pre-designated device.
Even if you follow strong password practices, your passwords can still be compromised in a breach of a vendor you use through no fault of your own. Using MFA can keep your accounts safe even if that happens.
According to Microsoft, enabling MFA blocks 99.9% of all fraudulent sign-in attempts.
Use a Strong Password Generator
There are still far too many people out there using passwords like “password123” or “qwerty” to protect their accounts. This is like giving an open invitation to a hacker to have full access to your account.
Strong passwords are typically those that:
- Contain at least 10 characters
- Use both upper-case and lower-case letters
- Use at least one symbol and one number
Thinking up strong passwords doesn’t usually come naturally to most people, so they end up using weak passwords that are easily hacked. You can solve this issue by using one of the many free strong password generators available online. Using a strong password generator removes the uncertainty that comes with trying to create your own passwords. If you use a password manager, a bonus is that they also come with a password generator.
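As an added illustration (not code from the original article), the sketch below generates a password from the operating system's secure random source and checks any password against the criteria listed above. The symbol set (Python's string.punctuation) and the default length of 16 are assumptions made for this example.

```python
import secrets
import string

# Character classes matching the criteria listed above.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = string.punctuation  # assumed symbol set; some sites accept fewer
MIN_LENGTH = 10               # "at least 10 characters"


def meets_criteria(password: str) -> list[str]:
    """Return the criteria the password fails (an empty list means it passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 10 characters")
    if not any(c in LOWER for c in password):
        failures.append("no lower-case letter")
    if not any(c in UPPER for c in password):
        failures.append("no upper-case letter")
    if not any(c in DIGITS for c in password):
        failures.append("no number")
    if not any(c in SYMBOLS for c in password):
        failures.append("no symbol")
    return failures


def generate_password(length: int = 16) -> str:
    """Generate a random password that satisfies every criterion."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = LOWER + UPPER + DIGITS + SYMBOLS
    # Rejection sampling: draw every character uniformly with the secrets
    # module (OS CSPRNG) and retry until all classes are present. This avoids
    # the predictability of forcing one class into a fixed position.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not meets_criteria(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    for weak in ("password123", "qwerty"):
        print(weak, "->", meets_criteria(weak))
```

Note that “password123” fails only two of the listed checks, which shows why character rules alone do not make a password strong: random generation is what removes guessable patterns.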
Don’t Reuse Passwords
When you reuse the same password for multiple sites, you multiply your risk. If just one of those sites is breached and your password exposed, then anywhere else you use that password is now in danger.
65% of people reuse the same password for multiple accounts. People will also mix highly sensitive with less sensitive accounts.
For example, 31% of people use the same password for a streaming site as they do for a sensitive account, such as online banking. Now, couple that with the fact that 52% of people will share their streaming password with others.
Each account needs its own unique password so that if one of those passwords is shared or breached, other accounts are not affected.
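The following added example (not part of the original article) shows one way to audit a list of saved logins for reuse, flagging first the groups where a sensitive account shares a password with a less sensitive one. The site names, passwords and the "low"/"sensitive" labels are constructed sample data and assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample of a password export: (site, category, password).
# The category labels are assumptions made for this example.
SAMPLE_VAULT = [
    ("streaming.example", "low", "Sunny-Day-42!"),
    ("bank.example", "sensitive", "Sunny-Day-42!"),
    ("mail.example", "sensitive", "k9#Vt2!pLq8z"),
    ("forum.example", "low", "hunter2hunter2"),
    ("shop.example", "low", "hunter2hunter2"),
]


def find_reuse(entries):
    """Group sites that share a password; report them without the passwords."""
    # Per-run random key: the digests are only useful for grouping during
    # this run and reveal nothing if they end up in a log or report.
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for site, category, password in entries:
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[digest].append((site, category))

    findings = []
    for members in groups.values():
        if len(members) < 2:
            continue  # password is unique to one site
        sites = sorted(site for site, _ in members)
        categories = {category for _, category in members}
        # Highest risk: a sensitive login shares a password with a
        # low-value login that is more likely to be shared or breached.
        mixed = {"sensitive", "low"} <= categories
        findings.append({"sites": sites, "mixed_sensitivity": mixed})
    # Mixed-sensitivity groups come first in the report.
    return sorted(findings, key=lambda f: (not f["mixed_sensitivity"], f["sites"]))


if __name__ == "__main__":
    for finding in find_reuse(SAMPLE_VAULT):
        print(finding)
```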
Monitor for Password Breaches
It’s important to stay aware of when a login may have been breached. Unfortunately, users aren’t always notified promptly after a breach happens. For example, a data breach compromising 23 million accounts at the online retailer Café Press occurred in February of 2019. It wasn’t until early September that some users received notification in the mail.
The time lag between a breach and a notification comes from the time it takes a company to realize it has had a breach, identify what was compromised, and put together a notification strategy. In the meantime, your accounts using that password are left at risk.
You can monitor whether any of your passwords have been involved in a breach in the following ways:
- Use the password monitor feature in browsers like Chrome and Edge.
- Use a Dark Web monitoring service.
- Use an identity theft monitoring service.
Do You Need Help With PC or Cloud Security?
Carl’s Computer Care can help your Louisiana business put safeguards in place to ensure all your staff passwords are properly protected.
Contact us today to schedule a consultation! Call 225-315-3498 or reach us online.