Creating Better Passwords | 3 Bad Password Habits and How to Fix Them


The 2018 Verizon Data Breach Investigations Report revealed that 81% of company data breaches were due to poor passwords and password practices. In the 2022 report, a combination of human errors, misuse, and social engineering accounted for 82% of breaches.

When we conduct countless activities online, from shopping and banking to socializing and learning, the importance of passwords cannot be overstated.

Passwords serve as the first line of defense in protecting our online accounts and sensitive data. But are we using them wisely?

For over 25 years, WEBIT Services has helped hundreds of clients identify and address security risks to protect their businesses.

By reading this article, you will learn common bad password habits, the risks associated with these habits, and, most importantly, practical tips on how to enhance your password security.

Why Do We Use Passwords?

Passwords are the digital keys that grant us access to our online world.

They are strings of characters, often a combination of letters, numbers, and symbols, that verify our identity and safeguard our information.

Think of them as the locks on the doors to your virtual homes, protecting your data from prying eyes and cybercriminals.

3 Common Bad Password Habits

1. Using Weak Passwords

Weak passwords are like leaving your front door unlocked in a rough neighborhood. They are easily guessed or cracked by cybercriminals. Here are some examples of weak passwords to avoid:

  • "123456"
    It doesn't get much weaker than this. It's the first combination a hacker might try.
  • "Password"
    Ironically, the word "password" is a common, weak password.
  • "Qwerty"
    This is simply the sequence of keys on a keyboard.

2. Reusing Passwords

Imagine using the same key to open your house, car, and office. That's what happens when you reuse passwords across multiple accounts.

Cybercriminals know this, and if they crack one password, they potentially have access to your entire digital life.

For instance, if your email and online banking share the same password, a breach in your email could lead to unauthorized access to your finances.

3. Writing Passwords Down

Writing down your passwords may seem like a helpful memory aid, but it poses serious risks.

Written passwords may be discovered by others both in person and through items like digital photos.

People often record passwords using:

  • Sticky Notes
    Leaving passwords on sticky notes around your desk is akin to hanging your keys on the doorknob.
  • Digital Files
    Saving passwords in unencrypted digital files can be a goldmine for cybercriminals if they gain access to your device.

The Risks of Bad Password Habits

The Risk of Using Weak Passwords

Weak passwords are the lowest-hanging fruit for hackers. They can easily employ brute force attacks or dictionary attacks to crack simple passwords, granting them unauthorized access to your accounts.

Imagine you use "123456" as your password, and a cybercriminal manages to crack it. They can now access your email, social media, and bank account if you've used the same password across these platforms. It's a digital nightmare waiting to happen.

The Risks of Reusing Passwords

When you reuse passwords, you place all your online eggs in one basket. If a single account is compromised, it's a domino effect, potentially leading to identity theft, financial losses, or data breaches.

For instance, if you use the same password for your social media and your work email, a breach in your social media could lead to unauthorized access to your professional correspondence.

The Risks of Writing Passwords Down

Writing passwords down on paper poses a physical security risk. Sticky notes can be lost or seen by others, and cybercriminals who gain access to your device can easily read unencrypted digital files, leaving your accounts wide open.

Imagine you've written your banking password on a sticky note, and someone finds it. They now have access to your financial accounts.

If you take a photograph of your workspace, the sticky note might seem like an unimportant background detail. However, cybercriminals can use this image to read the note and hack into your account.

9 Tips to Improve Password Security

1. Create Strong Passwords

A strong password is your first line of defense. It should be a unique combination of upper and lower-case letters, numbers, and symbols. Consider using passphrases that are longer and more memorable. Here's an example:

  • Weak Password: "P@ssw0rd"
  • Strong Passphrase: "BlueSky$OverThe7Mountains!"

2. Use Passphrases

Passphrases are easier to remember and more secure than simple passwords. Create a memorable phrase or sentence and add complexity with numbers and symbols. For example, "I love hiking in the woods during autumn!" becomes "ILov3Hiking!nTheWoodsDurngAutumn."
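The gap between the weak and strong examples in tips 1 and 2 can be put in numbers. The following is an added example, not from the original article: it estimates the brute-force search space of the article's sample passwords and generates a random-word passphrase, which is a different construction from the sentence-based one above. The word list and the guess rate of 10^10 per second are assumptions.

```python
import math
import secrets
import string

# Constructed 8-word list so the example is self-contained; a real generator
# needs a list of thousands of words to give useful entropy per word.
WORDS = ["autumn", "blue", "hiking", "mountain", "river", "sky", "stone", "woods"]

def charset_size(pw):
    """Alphabet an exhaustive search must cover (ASCII classes only)."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 symbols
    return size

def brute_force_bits(pw):
    """Upper bound on guessing cost: length * log2(alphabet size).

    A dictionary attack can succeed far sooner: "P@ssw0rd" scores well here
    but is a trivial variation of a common word.
    """
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Years to try every candidate at an assumed (hypothetical) guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def generate_passphrase(n_words=5, words=WORDS):
    """Pick words with a CSPRNG; return (passphrase, entropy in bits)."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    return "-".join(chosen), n_words * math.log2(len(words))

if __name__ == "__main__":
    for pw in ("123456", "P@ssw0rd", "BlueSky$OverThe7Mountains!"):
        bits = brute_force_bits(pw)
        print(f"{pw!r}: {bits:.1f} bits, {years_to_exhaust(bits):.2e} years")
    print(generate_passphrase())
```

The bit counts are a ceiling on attacker effort, not a guarantee: they only hold when the password is not on a word list or derived from one.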

3. Avoid Personal Information

Steer clear of using easily obtainable personal information, such as your name, family members' names, or birthdate, in your passwords. Hackers can easily find this information.

4. Use Unique Passwords for Each Account

Treat each online account as distinct. Use unique passwords for every website or service you use. This prevents a security breach in one place from compromising your other accounts.
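A local audit for the habits covered in tips 1, 3 and 4 (common passwords, personal information, reuse across accounts), as an added example that is not from the original article. The account names, passwords, personal details, substitution table and three-entry common-password list are constructed for illustration.

```python
import re

# Constructed stand-in for a real common-password list (the article's examples).
COMMON = {"123456", "password", "qwerty"}
# Undo simple character swaps so "P@ssw0rd" is recognised as "password".
LEET = str.maketrans("@30$1", "aeosi")

# Constructed sample data: account names, passwords and personal details.
SAMPLE_ACCOUNTS = {
    "email": "Qwerty",
    "bank": "Qwerty",
    "social": "P@ssw0rd",
    "work": "Dana1990!",
    "shop": "BlueSky$OverThe7Mountains!",
}
SAMPLE_PERSONAL = ["Dana", "1990"]

def _strip(text):
    """Lower-case and drop punctuation for substring comparison."""
    return re.sub(r"[\W_]", "", text.lower())

def audit(accounts, personal):
    """Return {account: [findings]} covering the three habits."""
    findings = {name: [] for name in accounts}
    first_use = {}  # password -> first account seen using it
    tokens = [_strip(p) for p in personal]
    for name, pw in accounts.items():
        lowered = pw.lower()
        unleet = lowered.translate(LEET)
        if lowered in COMMON or unleet in COMMON:
            findings[name].append("common password")
        if any(len(t) >= 3 and (t in _strip(lowered) or t in _strip(unleet))
               for t in tokens):
            findings[name].append("contains personal info")
        if pw in first_use:
            findings[name].append(f"reused with {first_use[pw]}")
            findings[first_use[pw]].append(f"reused with {name}")
        else:
            first_use[pw] = name
    return findings

if __name__ == "__main__":
    # Print findings only, never the passwords themselves.
    for account, issues in audit(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL).items():
        print(f"{account:7} {', '.join(issues) or 'ok'}")
```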

5. Implement Two-Factor Authentication (2FA)

2FA adds an extra layer of security by requiring a password and a secondary verification method, like a text message or an authentication app.

6. Security Questions

Avoid using easily guessable answers to security questions. Instead, use fictional answers or ones that only you would know.

7. Regularly Update Your Passwords

While you don't need to change them frequently, it's wise to update passwords if you hear about a data breach affecting a service you use.

8. Educate Yourself

Stay informed about cybersecurity best practices. Technology evolves, and so do security threats. Awareness of the latest trends and threats can help you better protect yourself.

9. Use a Password Manager

In our increasingly interconnected world, managing multiple strong passwords can be challenging. This is where password managers come to the rescue.

Password managers securely store your passwords and can generate complex ones for you. They simplify your digital life by automatically filling in login information for various sites and apps. Popular password managers include LastPass, Dashlane, and 1Password.

Next Steps for Better Password Habits

Safeguarding your online presence begins with recognizing and rectifying bad password habits. Remember, in the digital world, a strong password is like a robust lock, and it's the key to keeping your online life secure.

Common bad password habits include:

  1. Using weak, easily guessed passwords
  2. Reusing passwords across multiple accounts
  3. Writing passwords down or in a digital file

To reduce the risk of security breaches and increase password security, users should:

  1. Create strong passwords.
  2. Use passphrases.
  3. Avoid using passwords that include personal information.
  4. Use a unique password for each account.
  5. Implement two-factor authentication.
  6. Assign more difficult answers for security questions.
  7. Regularly update passwords (particularly in a suspected breach).
  8. Educate yourself on risks, tips, and trends.
  9. Use a password manager.

By following these steps, you can significantly enhance your cybersecurity. The more complex a password, the less likely a cybercriminal is to crack it in a brute-force attack.

Talk to your IT provider or internal IT team to review your company's password habits and policies. They can help you identify and address risks like weak passwords. They can also help devise IT security training or recommend tools like password managers to meet your needs.

WEBIT Services is passionate about helping clients reach their cybersecurity goals. We believe education and knowledge are the first steps in building effective cybersecurity practices.

If you're looking for a new IT provider, schedule a 30-minute consultation to see if WEBIT Services might fit your company.
