When it comes to security, you might think doing more is better. But sometimes, the things you stop doing can have a big impact, too. Cyber attacks and data breaches affect businesses of all types every day, and passwords are often the weakest link in a company's cyber defense. Unfortunately, common password mistakes made by employees are one of the primary ways bad actors gain access to corporate networks and accounts. Building a culture of cyber resilience requires an understanding of the psychology behind employee password security mistakes and offering tools and systems that compensate.
So what are the top five employee password mistakes you should look out for? And how can a password manager help employees stop making them so you can strengthen your organization's cybersecurity and thwart cyber attacks?
Mistake #1: Using short, guessable passwords
Your maiden name, child's birthday, or anniversary date are all poor password choices. So is your birthplace, alma mater, or pet's breed. Bad actors can easily find that information on social media or search engines or socially engineer the target into sharing that information. Employees often choose short, guessable passwords so they won't forget them and can type them in quickly and easily without slowing down their work. Understandable? Yes. A poor strategy? Also yes. A password manager takes employee passwords to the next level without the added burden of creating super long, complicated passwords. Instead, a built-in password generator creates a new, random password in a click and then stores it for the next time the employee needs to access that account.Mistake #2: Reusing passwords
The only thing worse than a weak password is reusing that password for many accounts. Unfortunately, if a web service experiences a data breach, hackers will add any leaked username and password combinations to their database of stolen credentials. The hackers will then try logging in on other websites - think corporate email, corporate networks, social media, banking - to see if those username and password combinations are valid. It's essentially like handing a hacker a copy of the key to your house. A password manager quickly eliminates password reuse by identifying which accounts employees need to update with a new password. The built-in password generator instantly offers new, long, randomized passwords that it automatically stores for next time.Mistake #3: Sharing passwords insecurely
Some password sharing is inevitable in the workplace. Multiple team members may share a single service subscription or need to oversee a client's project. IT teams need to manage admin accounts while marketing teams coordinate social media content. Whatever the scenario, employees often make the mistake of writing down passwords, sending them over email, texting them, or leaving them scrawled on whiteboards. A password manager offers team-based password sharing, allowing team members to share account access without compromising password security. Instead, the shared passwords remain encrypted and accessible only to those with the right level of permissions.Mistake #4: Mixing work and personal passwords
They say business and pleasure don't mix, and the saying holds for passwords, too. Unfortunately, employees use the same passwords at work and home for the same reason they create weak passwords: Employees are scared of forgetting their passwords. When they make the mistake of using the same passwords for personal and business accounts, they're opening up the company to the risk of a successful cyber attack. A password manager helps eliminate password reuse with a built-in password generator. It also allows an employee to monitor the improvement of their password security with a security dashboard. In addition, a password manager offers a way for an employee to manage both work and personal credentials separately and securely. Separate vaults for work and private means the employee can protect work data while enjoying the option to "link" those vaults for easy access to both simultaneously.Mistake #5: Relying on just passwords
Strong, unique passwords are a must for good cybersecurity defense. But it's a mistake to think that relying on strong passwords is enough. Failing to give employees additional security options and protections is risky. Instead, reinforce password security with extra layers of cyber security like two-factor authentication and policy-based access. A password manager standardizes password strength across an organization so that all employees can achieve a high level of security. But a password manager also helps you go beyond passwords. You can enable two-factor authentication for all employees. You can centrally manage policies that restrict access, standardize authentication requirements, and monitor the organization's password security for suspicious activity. Want to make sure your employees are safely sharing their business passwords? Click the button below.