Cracking simple and common passwords, such as ‘123456’ or ‘password’ literally takes less than a second. With the prevalence of such passwords, it is no surprise that this has become one of the most common ways for hackers to gain access to your digital assets.
This is important for you, as a business leader or a remote worker, because such methods easily pave the way for identity theft, financial fraud and data breaches. This is especially true, if you are working with a geographically dispersed team or network of clients. That’s why the basic requirements for password security have become so widespread:
- Passwords need to be strong – complex and consisting of at least 8 characters such as letters, numbers and symbols.
- Passwords must be regularly updated, in order to protect yourself in case your data has been part of a data breach.
- Passwords must be safely stored and not blatantly shared via accessible channels.
While important, this traditional sequence of advice tends to be counterproductive in achieving sustainable password security and effective behavioural change.
Why? Consider this: Almost every large organisation routinely requires their employees to change their passwords. Employees, whose main tasks and competence may be connected to human resources, marketing, project management etc. Naturally, what these employees do not focus on among their daily responsibilities is cybersecurity. When this time of the updating cycle comes around, they are presented with the same requirements.
Without effective training, these employees are therefore also likely to be lacking the acknowledgement of the actual impact of password security. This means that due to the inconvenience that yet another routine password change creates:
- they end up creating passwords that are easy to remember (and therefore easy to crack)
- these weak passwords will subsequently be stored in an insecure manner – in post-it notes on their desk or notes on their computer
- the employees will be further alienated from the core reasons behind password security
So when it comes down to the statement, “humans are the weakest link in cybersecurity” – password management is one of the most relevant examples of its application, especially when it comes to remote work. Our online accounts hold more critical data about us than ever before. And if the keys to this data are weak or easily hacked – so is your identity, financial details and much more.
Organising Passwords: Advice that works
As a business leader, you may therefore ask – if the traditional guidelines for password security do not work, what does? Perhaps we should reorder this advice. Instead of making your team reset their password every 3 months, let’s make the overarching goal: creating a sustainable password management system.
By today, we have a great selection of password management software to choose from. This software enables encrypted and secure password storage, effective methods for access sharing as well as helps you generate secure passwords in accordance to proven requirements. An effective system benefits you and your business by:
- Helping you and your team avoid the stress of inventing secure passwords
- Removing the burden of needing to remember all the passwords to various online accounts
- Allowing you to establish an effective and sustainable routine for regular updates
- Eventually protecting you and your business from becoming victim to an inconvenient and costly cyberattack.
For practical password management tools and a list of trusted online providers, check here what suits your needs best:
Password Security Risks to Acknowledge and Dodge
As awareness around password security increases, it is logical that browsers and other online tools are trying to catch up, integrating and simplifying user experience. You may have noticed that many browsers are now suggesting secure passwords and their storage upon a new password setup.
This seems like a modern and definitely comfortable solution. But browser-based password storage comes with its risks and we would not recommend this approach.
The reason behind this is the following: If you opt in for browser-based password storage, your browser will store a database of your login information. This database is often unencrypted. If a hacker were to gain access to your computer or your browser – which is easier than you may think – they have access to ALL your logins at once.
If you opt for the option of encrypted password storage on your computer, your passwords would be encrypted and protected by your chosen master password and inaccessible by your browser.
For step-by-step guidelines on how to remove passwords from your browser, check out this resource by University of Iowa.
Organising Passwords as a Team-wide Effort
When it comes to business security, password management has to be a team-wide effort – even, and perhaps especially, if your team is working remotely. A personal password management system is easy to achieve – it only requires your own will and subsequent behavioural change. But if only a few members of a team follow effective guidelines, the security of your business is still at risk.
Cybersecurity is often seen as a luxury topic. Commonly, it tends to become a priority when an attack or “close call” has already taken place. All we can say to that, is we suggest you make it a priority ASAP. After the initial time investment, you will be left with an effective password management system that will also help you save time in the future.
As much as possible, especially in SMEs and other small teams, this system setup should include the whole team. We recommend setting up an hour-long meeting time with your team in the near future to go through the initial setup process – from acquiring the software to agreeing on basic principles and a personalised password update process.
No doubt this requires behavioural changes and therefore a little bit of commitment, but the resulting security is worth it. If you’re looking for more actionable advice on creating a sustainable password management system and perhaps a step-by-step guide, check out Day 2 of the free Cyberpower Challenge here for more information.
Once you’re ready to take the next steps to upgrade your cybersecurity, check out our other offerings on the Cyberpower Academy and stay tuned for our upcoming course on Assembling Your Cybersecurity Toolbox.