Leaving the key in the ignition of an unlocked car is an open invitation to a thief. When it comes to cybersecurity, a weak password is the key that unlocks the door to your critical information.
According to Verizon’s 2017 Data Breach Investigations Report, 81% of hacking-related breaches leveraged stolen and/or weak passwords. The website HaveIBeenPwned reports that nearly 520 million passwords have been exposed in data breaches.
Admittedly, the number of passwords in our lives can seem overwhelming. In fact, a 2018 survey conducted by LastPass indicates their average business user keeps track of 191 passwords. Furthermore, their findings reveal that people’s beliefs are inconsistent with their behavior:
- 91% understand that using the same passwords for multiple accounts is a security risk; however, 59% mostly or always still use the same password or a variation.
- 61% indicate that the primary reason for not changing passwords is fear of forgetting them.
- 53% have not changed a password in the last 12 months after a data breach in the news.
- And perhaps most startling, only 55% would change their password if their account was hacked.
Best Practices Matter
Investing the time in consistently practicing good cyber-hygiene is worth the payoff. Consider the alternatives—whether the anguish, time and money necessary to recover from identity theft, or the severe reputational and financial consequences of a corporate breach. Minimize your risks by making the following tactics a habit:
- Always change default passwords.
- Avoid using personal information as passwords (e.g. birthdates or children’s names).
- Create long, complex passwords from easy-to-remember phrases, and include upper- and lowercase letters, numbers and symbols (e.g., FALLIs4appLEs!).
- Change passwords regularly.
- Use a unique password for each account. Remember that a compromised password could be used to log into your other accounts. This is especially important with banking and financial accounts.
- Never re-use passwords.
- Never share passwords.
- Avoid using the same passwords on business and personal accounts. If you use your work email and password on a personal account that is compromised, the combination may show up on the Dark Web, leaving your company vulnerable.
- Use two-factor authentication whenever possible.
- Consider a “Password Manager” account such as 1Password, Dashlane, KeePass, or LastPass.
We assume you already follow many of these mitigation practices, but if you’re curious, just visit HaveIBeenPwned to see if your account has already been compromised. Cybersecurity is a defensive game, and rigorous password management is among the strongest resources you can deploy.