The number of online services and systems that require a password login has grown enormously over the years. Over the same period, password best practice has changed. For example, it is no longer recommended to base a password on easy-to-remember (and easy-to-find) information such as your mother’s maiden name, first pet’s name, or most memorable place. Instead, it is now widely accepted that the best passwords are hard to guess: long, complex and, above all, unique.
In reality, long, complex and unique passwords are difficult to remember, so many people resort to reusing a password or make their passwords simpler and easier to remember.
A recent study by CLTRe and KnowBe4 Research suggests that a staggering 76% of employees are likely to re-use passwords. The study, which looks into employee attitudes and everyday security practices in organizations worldwide, reveals that only 24% of over 160,000 people surveyed write down or store their passwords.
Worse still, a whopping 25% of employees are using the same password for all logins (source: https://www.knowbe4.com/breached-password-test).
Password re-use is a serious problem. Using the same password in multiple places, or a short password that is easy to remember, makes it all too easy for someone to get into information and data systems they shouldn’t. What if that password is already circulating on the dark web? Once passwords are exposed in a data breach, attackers take the leaked username and password pairs and replay them against other services (credential stuffing), so every account where that password was re-used is at risk.
Similarly, other surveys show that fewer than a quarter of people use a program such as a password manager to keep their passwords, while more than half of us try to remember them without writing them down.
Inconsistent or impractical advice – such as being asked to create a long and unique password using a complex combination of characters, whilst also being told not to write the password down – causes confusion and frustration amongst users.
Here are three solid tips to share with your employees for more secure passwords:
- Create unique passwords. The safest approach is a different password for every service you use, so that a breach at one service does not hand attackers the key to the others. A password does not have to be a single word; it can be a sentence or passphrase, or a random sequence of letters, digits and special characters. The harder it is to guess, the more secure it is.
- Write your passwords down somewhere no one else can get at them. With many unique passwords it is hard to remember them all. Writing them down is fine, provided the list is kept where no one else has access to it.
- Use a password manager. This is a safe and secure way to avoid having to remember complex, unique passwords, and a good one will generate them for you as well. There are plenty of good programs and applications available. Consult your IT department at work; they will be able to advise you.
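The two practical points above, that a password which has already leaked in a breach should not be used anywhere, and that unique passwords should be generated rather than invented, can be checked in code. The following is an added example written for this page, not part of the original article or of any KnowBe4 tool. It reproduces the k-anonymity exchange used by the Have I Been Pwned "Pwned Passwords" range API: only the first five hex characters of the password's SHA-1 are sent, the service returns every known hash suffix with that prefix, and the match is made locally, so the password itself never leaves the machine. The breach corpus here is a constructed sample (not real breach data), and the `offline_range_lookup`, `breach_count`, `generate_password` and `is_acceptable` names are this example's own; the live endpoint URL is the real one and is only used if you opt in.

```python
"""Added example: HIBP-style k-anonymity breached-password check, run offline.

The Pwned Passwords range API takes the first 5 hex characters of the SHA-1 of
a password and returns every known suffix with that prefix ("SUFFIX:COUNT"
lines). The password, and even its full hash, never leaves the client.
"""
import hashlib
import secrets
import string
from typing import Callable, Dict, List

# Constructed sample "breach corpus" (NOT real breach data): password -> times seen.
SAMPLE_CORPUS: Dict[str, int] = {
    "password": 3_861_493,
    "Summer2019!": 42,
    "letmein": 1_023,
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the UTF-8 password, the format the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: Dict[str, int]) -> Dict[str, str]:
    """Group corpus hashes by 5-char prefix into range-response bodies."""
    index: Dict[str, List[str]] = {}
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return {prefix: "\r\n".join(lines) for prefix, lines in index.items()}


RANGE_INDEX = build_range_index(SAMPLE_CORPUS)


def offline_range_lookup(prefix: str) -> str:
    """Stand-in for the API: returns the constructed range body (empty if no match)."""
    return RANGE_INDEX.get(prefix.upper(), "")


def hibp_range_lookup(prefix: str) -> str:
    """Live lookup against the real Pwned Passwords range endpoint (needs network)."""
    import urllib.request

    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix.upper()}",
        headers={"User-Agent": "password-reuse-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str,
                 lookup: Callable[[str], str] = offline_range_lookup) -> int:
    """Times the password appears in the corpus behind `lookup`; 0 if never seen."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]          # only the prefix is sent
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:              # full match decided locally
            return int(count)
    return 0


def generate_password(length: int = 20) -> str:
    """Random password from a CSPRNG (secrets), not the predictable random module."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def is_acceptable(password: str, min_length: int = 12,
                  lookup: Callable[[str], str] = offline_range_lookup) -> bool:
    """Policy check: long enough and never seen in the breach corpus."""
    return len(password) >= min_length and breach_count(password, lookup) == 0


if __name__ == "__main__":
    for pw in ["password", "Summer2019!", generate_password()]:
        print(f"{pw!r}: seen {breach_count(pw)} times, acceptable={is_acceptable(pw)}")
```

To run the same check against the real service, pass `lookup=hibp_range_lookup` to `breach_count`; the prefix-only request is what makes that safe to do from a login or password-change form.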
For help assessing the scale of exposed, re-used, or weak passwords in your organization, did you know that KnowBe4 (our parent company) offers a number of free tools? Examples include:
- Browser Password Inspector
- Weak Password Test
- Password Exposure Test
- Breached Password Test
- Multi-Factor Authentication Security Assessment
For more information about all the free tools available from KnowBe4, check out https://www.knowbe4.com/free-it-security-tools.