Passwords are part of everyday life, and because we create so many of them it is easy to forget how much depends on them. A password is often the only thing standing between an attacker and your bank accounts, email and sensitive data. Your business needs protection from the ground up, and password safety plays a key role.
A password breach can cost your company heavily in both money and data. Despite how often we create and use passwords, we can all benefit from learning the rules for creating a good one. This password safety guide will help your business and employees protect your sensitive information.
In This Article
- Why Is Password Safety Important?
- Common Password Safety Threats
- How to Create a Safe Password
- Password Safety Do's
- Password Safety Don'ts
- Password Safety FAQs
- The Ultimate Tool in Password Safety: Zero-Knowledge Passwords
- Protect Your Passwords With Bravura Security
Why Is Password Safety Important?
A password is often the only thing that stands between your business and its sensitive information. Hackers and other malicious actors have many tools to crack passwords so they can reach your finances, steal identities or help themselves to your customer data. For example, an 11-character password consisting entirely of numbers has only 100 billion possible values, and a GPU cracking rig working against a leaked, fast hash can exhaust them in about two seconds. That figure applies to offline cracking of stolen hashes; a live login form that rate-limits and locks accounts slows guessing dramatically, which is why both strong passwords and server-side controls matter.
Cybercriminals are constantly evolving, finding new ways to crack or steal passwords. Questions such as how often you should change a password, or what to leave out of one, deserve more attention than they usually get.
Studies show that in 2019, around 21 million unique passwords were exposed in breaches. If employees choose easy passwords, or reuse and rotate the same ones, your business is at risk of a breach. Some consequences of weak password protection include the following:
- Identity theft.
- Data breaches.
- Blackmail and ransomware.
- Computer hijacking.
Lack of password safety puts your business, employees and customers at risk. A breach in cybersecurity can result in staggering financial losses — victims reported losses in the range of $6.9 billion in 2021 alone. Adequate password safety is an integral part of cybersecurity as a whole.
Common Password Safety Threats
Cybercriminals know the common design flaws in password creation and exploit them to gain access to your business information. Although they're always evolving their methods, some common password attacks include the following:
Brute Force Attacks
These attacks have no finesse: the attacker throws every possible combination at a login form or, far more often, at a stolen password hash until one matches. Dedicated cracking software running on GPUs can try billions of guesses per second against a fast hash, so trillions of candidates are within reach. Length is the best defense, because each extra character multiplies the search space; on the server side, slow password hashing, rate limiting and account lockout keep online guessing impractical.
Dictionary Attacks
Hackers rely on our habit of building passwords from ordinary words. Their tools run through wordlists of dictionary words, previously leaked passwords and predictable variations (a capitalized first letter, a year or an exclamation mark on the end) far faster than a pure brute-force search. These attacks can also be personalized with words tied to where employees live, which teams they support or even what books they read.
Keylogging
Keylogging involves malware on a business computer that records every keystroke an employee types, including passwords and one-time codes, and sends the capture to the attacker; no guessing is needed. Phishing awareness keeps much of this malware out, but endpoint protection, standard user accounts that cannot install software, and a password manager that fills credentials without the user typing them all reduce the damage a keylogger can do.
Password Spraying
Armed with a short list of frequently used passwords (a season followed by the current year, a product name plus "1"), hackers try each one against a long list of usernames rather than many passwords against one user. Because each account sees only one or two failures, spraying slips under per-account lockout thresholds, which is why it has to be detected by counting failures per source address and across the whole tenant.
Credential Stuffing
Anyone whose credentials have appeared in a breach is exposed to credential stuffing. Hackers take username and password pairs leaked from one site, along with common variations, and replay them automatically against other sites in the hope that the same combination works there. People who use the same password across multiple accounts are particularly vulnerable, and the attack requires no cracking at all.
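The distinction between brute force and password spraying in the two sections above is visible in authentication logs, and it matters for detection because spraying is designed to stay under per-account lockout thresholds. The following is an added example, not code from the original article or from any product: it classifies failed-login bursts by source address. The log lines are constructed, and their layout (epoch, source IP, username, FAIL or OK) is an assumption to adapt to your identity provider's real audit format.

```python
"""Separate brute force from password spraying in failed-login logs.

Added example, not from the original article. SAMPLE_LOG is constructed
and its layout ("<epoch> <source_ip> <username> <FAIL|OK>") is an
assumption; adapt parse() to your IdP's real audit format.
"""
from collections import defaultdict

# Constructed sample: one source hammers "alice", one source tries six
# different users once each, one source is a user who mistyped once.
SAMPLE_LOG = """\
1700000000 203.0.113.7 alice FAIL
1700000002 203.0.113.7 alice FAIL
1700000004 203.0.113.7 alice FAIL
1700000006 203.0.113.7 alice FAIL
1700000008 203.0.113.7 alice FAIL
1700000010 203.0.113.7 alice FAIL
1700000100 198.51.100.9 alice FAIL
1700000101 198.51.100.9 bob FAIL
1700000102 198.51.100.9 carol FAIL
1700000103 198.51.100.9 dave FAIL
1700000104 198.51.100.9 erin FAIL
1700000105 198.51.100.9 frank FAIL
1700000200 192.0.2.5 bob FAIL
1700000205 192.0.2.5 bob OK
"""


def parse(text):
    """Return a list of (timestamp, source_ip, username, result) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((int(ts), ip, user, result))
    return events


def classify_sources(events, min_failures=5, spread_ratio=0.8):
    """Label each source IP that produced at least min_failures failures.

    brute_force:        many guesses against one (or a few) usernames
    password_spraying:  one or two guesses each against many usernames
    """
    fails = defaultdict(lambda: defaultdict(int))
    for _, ip, user, result in events:
        if result == "FAIL":
            fails[ip][user] += 1
    labels = {}
    for ip, per_user in fails.items():
        total = sum(per_user.values())
        if total < min_failures:
            continue  # too little activity to judge
        if len(per_user) / total >= spread_ratio:
            labels[ip] = "password_spraying"
        elif max(per_user.values()) >= min_failures:
            labels[ip] = "brute_force"
        else:
            labels[ip] = "suspicious"
    return labels


def users_hitting_lockout(events, threshold=5):
    """Users a per-account lockout policy would lock after `threshold` failures.

    Spraying deliberately stays under this threshold per user, which is why
    per-source counting (classify_sources) is needed as well.
    """
    per_user = defaultdict(int)
    for _, _, user, result in events:
        if result == "FAIL":
            per_user[user] += 1
    return {u for u, n in per_user.items() if n >= threshold}


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print(classify_sources(ev))       # {'203.0.113.7': 'brute_force', '198.51.100.9': 'password_spraying'}
    print(users_hitting_lockout(ev))  # {'alice'}
```

Only alice, the brute-force target, trips the per-account lockout; the six users hit by the spraying source each saw a single failure and would never be locked, so that source is caught only by counting failures per IP.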
Phishing Scams
Hackers might pose as legitimate businesses or individuals to persuade users to enter their login details, often using cloned websites, malicious links and fake forms. Once the user has handed over their login information, cybercriminals can sign in as that user and, in many cases, plant malware that then spreads across your business network.
There are multiple types of phishing, including spear phishing, smishing and whaling. Many of these scams come via email but can also be delivered via text message, video call or even the fake profile of a senior executive within your company.
Insider Threats
Sometimes the threat is inside your organization. People make mistakes, and a few act maliciously. Employees can use their authorized access, deliberately or accidentally, to hand sensitive information to cybercriminals. Passwords shared widely among employees, so that nobody can tell who actually used an account, create a severe breach risk.
How to Create a Safe Password
Organizations have to deal with two primary types of account passwords: those governed by your identity management program, and those that are decentralized and ungoverned, for example passwords to social media accounts, spreadsheets and other tools that may be used and reused in many places.
For governed accounts, creating a solid and unique password is the first step to preventing password safety threats. It's essential you know the basic rules for building a strong password. Here are some quick tips to boost password strength for that extra layer of protection:
- Avoid sequential numbers and letters: Hackers always try sequences first, because they are easy to remember and people use them often. Never use combinations such as "12345" or "XYZ".
- Keep personal information personal: If it's online or on social media, hackers will use social engineering techniques to find it. Don't include easy-to-access information like birthdays, addresses, pet names or phone numbers.
- Avoid a single real word with cosmetic changes: Dictionary attacks cover ordinary words, proper nouns, slang and popular media references, along with the usual tricks such as capitalizing the first letter or swapping an "a" for "@". A lone word dressed up that way is still weak. Several unrelated words chosen at random, forming a long passphrase, are a different matter: they are strong because of their length.
- Combine letters, numbers and symbols: The most secure passwords combine random letters, numbers and symbols. Mixing upper and lower case, special characters and digits widens the search space, though one or two extra characters do more than any amount of symbol substitution.
- Prioritize the length of your password: Passwords are more challenging to crack as they get longer. They should be a minimum of 16 characters to mitigate the chances of cyber attacks.
For ungoverned accounts, the above guidance holds true, but the better approach is a zero-knowledge password manager such as Bravura Safe that generates a random password for every account and stores them all in one encrypted vault for retrieval. Because nobody has to remember these passwords, they can be as long and complex as each site allows.
- Use different passwords for all accounts: Don't fall prey to credential-stuffing attacks. Create a different password for each account. Steer clear of reusing and rotating passwords.
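The rules above (length first, no sequences, no personal information, nothing from the common-password lists that appear later in this article) can be enforced mechanically, and the crack-time figures quoted earlier can be reproduced with the same arithmetic. This is an added example, not code from the original article or from Bravura Security: a policy checker plus entropy and crack-time estimates. The blocklist is the short list given in this article's FAQ (a real deployment uses a full breach-derived list), and the 50 billion guesses per second rate is an assumed figure for offline cracking of a fast hash on GPU hardware.

```python
"""Password policy checks and crack-time estimates.

Added example, not from the original article. COMMON_PASSWORDS is the short
list this page gives in its FAQ; a real deployment uses a full breach-derived
list. The 50e9 guesses/second default is an assumed GPU rate against a fast
hash such as NTLM or MD5.
"""
import math
import re

COMMON_PASSWORDS = {
    "123456", "password", "12345", "123456789", "password1",
    "abc123", "12345678", "qwerty", "11111", "1234567",
}
PRINTABLE_SYMBOLS = 33  # punctuation characters in printable ASCII
DICEWARE_WORDS = 7776   # 6^5 words: one word per five dice rolls


def charset_size(pw):
    """Size of the smallest character set an attacker must assume for pw."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += PRINTABLE_SYMBOLS
    return size


def brute_force_seconds(pw, guesses_per_second=50e9):
    """Worst-case time to exhaust the search space of a random password."""
    return charset_size(pw) ** len(pw) / guesses_per_second


def random_password_bits(length, charset):
    """Entropy of `length` characters drawn uniformly from `charset` symbols."""
    return length * math.log2(charset)


def passphrase_bits(words, wordlist=DICEWARE_WORDS):
    """Entropy of `words` real words chosen at random: the safe way to use words."""
    return words * math.log2(wordlist)


def has_sequential_run(pw, n=3):
    """True if any n adjacent characters step by +1 or -1 ('123', 'xyz', 'cba')."""
    for i in range(len(pw) - n + 1):
        chunk = pw[i:i + n]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(pw, username, personal_tokens=(), min_length=16):
    """Return a list of problem codes; an empty list means the password passes."""
    problems = []
    low = pw.lower()
    if len(pw) < min_length:
        problems.append("too_short")
    if low in COMMON_PASSWORDS:
        problems.append("common")
    u = username.lower()
    if u and (u in low or u[::-1] in low):   # username, also reversed
        problems.append("contains_username")
    if any(tok.lower() in low for tok in personal_tokens):
        problems.append("contains_personal")
    if has_sequential_run(pw):
        problems.append("sequential")
    return problems


if __name__ == "__main__":
    print(brute_force_seconds("12345678901"))                    # 2.0 seconds: 11 digits
    print(brute_force_seconds("k7#Lm2$Qp9!Xw4&Rz") / 3.15e7)    # years for 17 mixed characters
    print(round(random_password_bits(16, 95)), round(passphrase_bits(6)))
    print(check_password("password1", "alice"))
    print(check_password("Alice_Rover_1987_2024", "alice", ("Rover", "1987")))
```

The second example password fails despite being 21 characters long: it contains the username, a pet name, and a descending run ("987"), which is exactly the kind of input a dictionary attack with personal wordlists is built for.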
Password Safety Do's
How do you create the perfect password? Here are some quick tips to maximize password safety and keep your business information safe:
Do Create a Strong Password
Put yourself in a hacker's shoes for a moment and consider what you would do to get into someone's system, then create a password that counteracts these attempts. Ensure your password contains the following elements:
- Both upper and lower case letters.
- Random patterns and sequences.
- Special characters.
- At least 16 characters. The longer the better.
Do Change Your Passwords Frequently
Stay ahead of cybercriminals by changing passwords when it matters: immediately after a breach notice, a phishing attempt, or any time a password was typed on an untrusted device. A change invalidates whatever a keylogger or phishing page has already captured. Routine rotation on a calendar is less useful than it sounds; NIST SP 800-63B now advises against forcing periodic changes, because people respond with predictable tweaks (a digit incremented, a season swapped) that attackers try first. If you do rotate, make every new password as long and random as the original rather than a variation of it.
Do Use an Enterprise Password Manager to Enable Zero-Knowledge Passwords
A password manager encrypts and stores a unique password for every account and site, so employees no longer have to remember each one or which account it belongs to. An enterprise password manager takes this a step further by enabling zero-knowledge passwords.
Zero-knowledge is the design that password safety software companies use to keep mission-critical information secure. In a conventional service, if the server storing your sensitive data is breached, the attacker gets both your data and the means to read it. With zero-knowledge encryption, the vault is encrypted on your own device with a key derived from your master password, and only ciphertext ever reaches the server. Even the security software company cannot decrypt your data, and neither can someone who steals a copy of the server.
An enterprise password manager manages and secures the decentralized passwords across your business. The only password you need to remember is the master password that unlocks the manager, which is exactly why it must be long, unique and never reused anywhere else.
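The zero-knowledge model described above, and again in the closing section of this article, comes down to which keys exist on which side. The following added example (not Bravura Safe's or any product's code) shows the client stretching the master password, splitting it into an encryption key that never leaves the device and an authentication key the server can verify, and the server storing only a salt, a hash of the authentication key and ciphertext. Because Python's standard library has no AEAD cipher, the encryption here is a toy HMAC-SHA256 stream cipher with a separate HMAC tag standing in for AES-GCM; the key split and what the server holds are the point, not the cipher, so do not reuse the toy cipher elsewhere. The email address, vault contents and iteration count are assumptions.

```python
"""Client-side ("zero-knowledge") vault model: the server never holds a key
that can decrypt the vault.

Added example, not Bravura Safe's or any product's code. Standard library
only, so the cipher is a toy HMAC-SHA256 keystream plus HMAC tag standing
in for AES-GCM. Do not reuse the toy cipher in production.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed client-side stretching cost


def derive_keys(master_password, salt, iterations=PBKDF2_ITERATIONS):
    """Stretch the master password, then split it into three independent keys.

    enc_key and mac_key never leave the client; auth_key is what the client
    sends to prove it knows the master password. auth_key reveals nothing
    about the other two, because each is a separate HMAC of the master key.
    """
    master_key = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)
    enc_key = hmac.new(master_key, b"vault-enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"vault-mac", hashlib.sha256).digest()
    auth_key = hmac.new(master_key, b"server-auth", hashlib.sha256).digest()
    return enc_key, mac_key, auth_key


def _keystream(key, nonce, length):
    """Toy PRF-in-counter-mode keystream (stand-in for a real stream cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_vault(enc_key, mac_key, plaintext, nonce=None):
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag."""
    nonce = os.urandom(16) if nonce is None else nonce
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_vault(enc_key, mac_key, blob):
    """Verify the tag before touching the ciphertext; wrong key or tampering raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("vault authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class VaultServer:
    """Everything a breach of the server exposes: salt, hash of auth_key, ciphertext."""

    def __init__(self):
        self.accounts = {}

    def register(self, email, salt, auth_key, blob):
        self.accounts[email] = {
            "salt": salt,
            "auth_verifier": hashlib.sha256(auth_key).digest(),
            "blob": blob,
        }

    def login(self, email, auth_key):
        acct = self.accounts.get(email)
        if acct is None:
            return None
        if not hmac.compare_digest(acct["auth_verifier"], hashlib.sha256(auth_key).digest()):
            return None
        return acct["blob"]


def client_round_trip(master_password, vault_bytes, iterations=PBKDF2_ITERATIONS):
    """Register, log back in and decrypt; returns (server, recovered vault bytes)."""
    server = VaultServer()
    salt = os.urandom(16)
    enc_key, mac_key, auth_key = derive_keys(master_password, salt, iterations)
    server.register("alice@example.com", salt, auth_key, seal_vault(enc_key, mac_key, vault_bytes))
    # Later, from another device: re-derive from the master password and the
    # salt (served by the server on request), then fetch and open the blob.
    enc_key, mac_key, auth_key = derive_keys(master_password, salt, iterations)
    blob = server.login("alice@example.com", auth_key)
    return server, open_vault(enc_key, mac_key, blob)
```

Note what a stolen copy of `VaultServer.accounts` contains: the salt, a SHA-256 of the authentication key (itself the output of 600,000 PBKDF2 iterations) and ciphertext. Neither the master password nor the encryption key is anywhere on the server, so the only path to the data is guessing the master password, which is why its strength, and the iteration count, carry the whole design.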
Do Use a Strong Password for Governed Accounts
Accounts governed by Bravura Security's identity program have synchronized passwords across all systems, so you do not need to update them manually in each system and application. This is a unique feature that covers a broad range of systems and applications, including legacy platforms such as mainframe and AS/400, and our customers find it invaluable. Because one password then opens many systems, it must be genuinely strong and should be paired with multi-factor authentication.
Do Use a Strong Yet Unique Password for Decentralized Accounts
People use the same password for all their accounts because memorizing many different ones seems daunting. For accounts that are not managed by your identity program, the answer is a password safe or vault that follows best practices: you never reuse a password, every one is stored in one protected place, and the integrity of your security is maintained at the same time.
Do Use Two-Factor Authentication
Two-factor authentication adds another layer to your password safety. This access management method requires a second proof of identity, something you have or something you are, on top of the password. Even if cybercriminals obtain the password, they usually cannot complete the login. The most common form is a code sent by text message, but SMS is also the weakest option: codes can be intercepted through SIM swapping or relayed in real time by a phishing page. Authenticator apps, push notifications, voice-based authentication and hardware tokens are all stronger choices for keeping your employees and data safe, and hardware security keys that check the website's origin (FIDO2/WebAuthn) are the one option that defeats phishing outright.
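The codes shown by authenticator apps and many hardware tokens are HOTP/TOTP values (RFC 4226 and RFC 6238). The following is an added example, not code from the original article or from any product: it generates and verifies those codes, compares them in constant time, and refuses to accept the same code twice, which closes the window in which a keylogged or phished code could be replayed. The secret is the RFC test-vector secret so the outputs can be checked against the RFC tables; real secrets are random and stored per user.

```python
"""HOTP/TOTP one-time codes (RFC 4226 / RFC 6238) with replay protection.

Added example, not from the original article or any product. The secret is
the RFC test-vector secret so codes match the published tables; real secrets
are random per user.
"""
import hashlib
import hmac
import struct
import time

RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, algo="sha1"):
    """HMAC the 8-byte big-endian counter, dynamic-truncate, keep `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time=None, step=30, digits=6, algo="sha1"):
    """TOTP is HOTP with counter = floor(time / step)."""
    if unix_time is None:
        unix_time = time.time()
    return hotp(secret, int(unix_time) // step, digits, algo)


def verify_totp(secret, submitted, unix_time, used_counters, window=1, step=30):
    """Accept a code for the current step plus or minus `window`, once per counter.

    Constant-time comparison avoids leaking which digits matched, and
    used_counters (a set kept per user) blocks replay of a code that a
    keylogger or phishing page observed while it was still valid.
    """
    current = int(unix_time) // step
    for counter in range(current - window, current + window + 1):
        if hmac.compare_digest(hotp(secret, counter), submitted):
            if counter in used_counters:
                return False
            used_counters.add(counter)
            return True
    return False


if __name__ == "__main__":
    print(hotp(RFC_TEST_SECRET, 0), hotp(RFC_TEST_SECRET, 1))  # 755224 287082
    print(totp(RFC_TEST_SECRET, 59, digits=8))                   # 94287082
    print(totp(RFC_TEST_SECRET))                                 # live code for "now"
```

Even with replay protection, a TOTP code can be relayed in real time by a phishing site that proxies the login, so it raises the bar without removing the phishing risk the article discusses; only origin-bound credentials such as FIDO2 keys do that.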
Password Safety Don'ts
Now you know what you should do to keep your passwords secure, let's look at some of the password practices to avoid.
Don't Use Your Username as Your Password
Your username may be easy to remember, but it is one of the first things a would-be attacker will try. Usernames in any form, whether reversed, doubled, capitalized or otherwise altered, leave you open to attack.
Don't Use Easily Guessed Passwords
Many people use the same passwords all the time, making them easy for hackers to guess. Avoid generic terms and anything related to your personal information. If it's easy to find out through social engineering, it's best avoided. Steer clear of the following:
- Sports and sports teams.
- Family member and pet names.
- Birthdays, anniversaries and special occasions.
- Variations of your phone or social security number.
- Variations of the same password.
Don't Use the Same Password for More Than One Site
If a hacker cracks one of your passwords, they will try it on all your accounts. If your password is the same across the board, they will have access to all your sensitive information in minutes.
Don't Create Short Passwords
Shorter passwords may seem easier to remember, but that is not always the case: a short jumble of random numbers, letters and special characters looks secure yet can be surprisingly hard to recall. Worse, it is far easier for password-cracking programs, because every character removed shrinks the search space by a factor equal to the size of the character set.
Don't Share Your Passwords With People You Don't Trust
While it may seem unlikely that anyone would share a password with someone they don't trust, it happens. Guard your passwords and only share them with people when absolutely necessary. If you suspect someone else has seen your password, change it as soon as possible.
Don't Send Shared Passwords Over Insecure Channels
When several employees genuinely must use the same credential for a shared site, never pass it around by email or chat. Use a secure one-time link that expires after it is opened, or better, share the entry directly through the enterprise password manager so the password is never exposed in transit and can be rotated centrally.
Password Safety FAQs
We have answered some common password safety questions here to help you and your business stay ahead of the curve. Since you need a separate password for every site, keep these answers in mind so you do not drift into dangerous password territory.
What Are the Six Rules of a Strong Password?
These six rules can get you started on the route to creating a secure password:
- Use at least eight characters — a minimum of 16 is better.
- Use a combination of different characters.
- Use at least one uppercase letter.
- Avoid personal information.
- Use a different password for each site.
- Check your password strength with a trustworthy tool: use the strength meter built into your password manager, and never type a real password into an arbitrary website. A breach check that sends only a partial hash of the password, never the password itself, is safe to use.
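The safe kind of online check mentioned in the last rule is the k-anonymity range query used by the Pwned Passwords service: the client hashes the password locally, sends only the first five hex characters of the SHA-1 hash, and matches the returned suffixes itself, so neither the password nor its full hash ever leaves the device. The following is an added example, not code from the original article or from Bravura Security. It includes a live fetch against https://api.pwnedpasswords.com/range/ for real use, but runs offline here against a constructed stand-in response; the suffix for "password" is its real SHA-1 suffix, while the hit count and the other suffixes are invented.

```python
"""Check a password against a breach corpus without sending the password.

Added example, not from the original article. Implements the k-anonymity
range query of the Pwned Passwords API: only a 5-hex-character hash prefix
is sent. FAKE_RANGE_RESPONSES is a constructed offline stand-in; its hit
count for "password" is invented.
"""
import hashlib
import urllib.request


def hash_parts(password):
    """Return (5-hex-char prefix, 35-hex-char suffix) of SHA-1(password)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(text):
    """Parse 'SUFFIX:COUNT' lines into a dict. Padding lines carry count 0."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, count = line.split(":")
        counts[suffix] = int(count)
    return counts


def breach_count(password, fetch_range):
    """Times the password appears in the corpus; 0 means not found."""
    prefix, suffix = hash_parts(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def live_fetch(prefix):
    """Query the real service. Add-Padding hides the response size from observers."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "password-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed offline stand-in for one prefix. The middle suffix is the real
# SHA-1 suffix of "password"; the count and the other lines are invented.
FAKE_RANGE_RESPONSES = {
    "5BAA6": "\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:1",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "A1B2C3D4E5F60718293A4B5C6D7E8F90123:0",
    ]),
}


def offline_fetch(prefix):
    return FAKE_RANGE_RESPONSES.get(prefix, "")


if __name__ == "__main__":
    print(breach_count("password", offline_fetch))           # 3861493
    print(breach_count("k7#Lm2$Qp9!Xw4&Rz", offline_fetch))  # 0
```

To check against the live corpus, pass `live_fetch` instead of `offline_fetch`; a non-zero count means the password has already been seen in a breach and belongs on your blocklist regardless of how strong it looks.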
How Often Should I Change My Password?
There is no exact science behind how often you should change your password. Many organizations still rotate quarterly, but current guidance (NIST SP 800-63B) favors changing passwords on evidence of compromise rather than on a schedule, because scheduled changes push people toward predictable variations of the old password. Whatever your baseline, change a password immediately when:
- You no longer need or want to share an account with someone.
- You've experienced a data breach.
- You have a weak or easy-to-guess password.
- One or more of your accounts have been hacked.
- You have to enter your password on a public device or network.
- You or someone else has shared your password over an insecure channel.
What Should I Not Include in My Password?
Aside from personal information, other commonly used elements make passwords easy for hackers to guess. Leave the following out when creating a new password:
- References to sports or sports teams.
- Dates and years.
- Names of people close to you or random names.
- Any word found in the dictionary, including curse words and colloquial language.
- Proper nouns.
- Months, days and seasons.
- Favorite foods, drinks and television shows.
Remember the rule: a single real word, however it is disguised, is not a password.
What Are the Most Common Passwords?
The most common passwords are the easiest to guess. Despite cybersecurity risks, people are still choosing to keep things simple regarding password creation. Some of the most common passwords people use include the following:
- 123456
- Password
- 12345
- 123456789
- password1
- abc123
- 12345678
- qwerty
- 11111
- 1234567
The Ultimate Tool in Password Safety: Zero-Knowledge Passwords
Zero-knowledge passwords offer your company unparalleled password safety. Your password safety software provider can authenticate your login and store your vault without ever holding the password or the key that decrypts the vault. Using a zero-knowledge enterprise password manager gives your business all of the best practices outlined above, plus the assurance that a breach of the provider yields only ciphertext.
Your business also has the option of reducing the threat of phishing and brute force attacks with passwordless options. Biometrics and hardware-backed credentials are becoming increasingly common as cybercriminals get more creative every year. Passwordless authentication is quick and easy for users, and because there is no shared secret to guess or steal, it removes the target these attacks depend on.
Protect Your Passwords With Bravura Security
Weak passwords and the resulting data breaches can be catastrophic for your business. Bravura Security can help you navigate your daily challenges with our identity management, privileged access and password management platform — the only one of its kind delivered as one powerful solution to augment your current business security practices.
With decades of cybersecurity experience and award-winning innovations, Bravura Security provides trusted password management solutions. Your company will benefit from effective risk management and protection with the power of one solution. To experience the benefits of Bravura Security first-hand, book a demo today.