Hackers Love Slackers: 7 Password Rules You Have to Stop Breaking

Passwords are the first line of defense in protecting your data, and that security is only as strong as your weakest password. If you (or more likely your employees) are like most digital consumers, the chosen passwords fall in the weak-to-poor range, defaulting to minimum character counts, re-using passwords on multiple accounts, and even using common dictionary words. In other words, you’re just waiting for a hack.

If you want to stop a hacker in their tracks, you’re going to have to seriously beef up your password strategy. Implement these tips and ideas into your company’s data security policies to prevent a breach from the top down.

These are the most important password holes to avoid (and why) when selecting passwords for the lightest to even the most critically important data.

  1. Human-Generated Passwords. To err is human, but there is nothing forgiving about a hacker. Users shouldn’t be dreaming up their own passwords. Instead, use a password manager to generate unique codes for each account. They may seem long, complicated, and convoluted, but clearly our reliance on the most common passwords, like password, monkey, qwerty, and 111111, is failing us.
  2. Weak Passwords. Passwords are generally one dictionary word and letters only, giving hackers a short list of just 26 possible characters to try before breaking in effortlessly. Alphanumeric passwords that use punctuation and capitals draw from 94 possible characters; using that combo provides a password far more difficult to cut through.
  3. Matching User, First, or Service names. Including your user name, your own first name or that of a close family member, or even the service name itself in a password opens a huge security hole. If it seems obvious and memorable to you, imagine how simple and obvious it is to a hacker.
  4. Recycling Passwords. One and done is quite possibly the worst password philosophy. If a hacker can get through on one account, and you use the same password in more than one location, then you’ve effectively given them carte blanche access.
  5. Sharing Passwords. Never share a password unless you want to open yourself up to a huge security hole. If you must, don’t share the credentials in plain text (like an email, a text message, or even a handwritten note). Instead, use something like SendThisFile Secure Messaging, which encrypts a message subject and body and is only accessible through a password-protected dedicated link.
  6. Keeping Old Passwords. The longer a password has been active, the longer a hacker has open access to your account(s). A best practice is to change your password on a regular basis. Monthly, quarterly, and during the time changes are common reminders for updates. Consider making this a company-wide policy to prevent security breaches.
  7. Writing Down Passwords. Have a special notebook, sticky note, or text file on your computer where passwords are recorded? Burn them. The massive security risk this poses is detrimental on both a personal and enterprise level. Again, password management software exists, is supremely reliable, and should be the rule, not the exception, for anyone managing any digital passwords.
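
A policy check covering rules 1 through 4 of the list above, as an added example that is not part of the original article. The function names, the four-entry common-password set, and the sample salt, user, and service names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import string

# Constructed sample taken from the article's examples; a real check would load a large breached-password list.
COMMON = {"password", "monkey", "qwerty", "111111"}

def charset_size(pw):
    """Size of the character pool the password draws from (26 for lowercase only, 94 for all four classes)."""
    pools = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    return sum(len(p) for p in pools if any(c in p for c in pw))

def search_space_bits(pw):
    """log2 of the brute-force candidates for this length and pool; an upper bound, not proof of strength."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def fingerprint(pw, salt):
    """Salted PBKDF2 hash so the reuse history never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def check_password(pw, username, first_names, service, history, salt):
    """Return the rules from the list above that the candidate password breaks."""
    problems, low = [], pw.lower()
    if low in COMMON:
        problems.append("common password (rule 1)")
    if charset_size(pw) <= 26:
        problems.append("pool of 26 or fewer characters (rule 2)")
    for token in [username, service, *first_names]:
        # Ignore very short tokens so two-letter names do not match by accident.
        if len(token) >= 3 and token.lower() in low:
            problems.append(f"contains '{token}' (rule 3)")
    fp = fingerprint(pw, salt)
    if any(hmac.compare_digest(fp, old) for old in history):
        problems.append("reused password (rule 4)")
    return problems

if __name__ == "__main__":
    salt = b"constructed-demo-salt"  # constructed value; use a random per-user salt in practice
    history = [fingerprint("x9$Kq!v2Lm#Rt7", salt)]
    for pw in ("monkey", "alice2024!A", "x9$Kq!v2Lm#Rt7"):
        print(pw, round(search_space_bits(pw), 1), check_password(pw, "alice", ["Bob"], "ExampleMail", history, salt))
```

The bit estimate only reflects length and character pool, so a dictionary word with a capital and a digit still scores far higher than it deserves; the common-password and name checks exist to catch exactly that.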

 
