Research points out that more 80% of data breaches happen due to password hacking, meaning that poor password hygiene is responsible for a majority of cybercrimes that follow data breaches. To make better sense of this statistic, let’s first look at what constitutes poor password hygiene.
1. Using simple passwords
Often passwords that are easy-to-remember are easy-to-hack. Do you use passwords such as password, password1234, delta123, etc.,? If yes, then you should change them immediately to something less obvious.
2. Repeating passwords across platforms
As another solution for remembering passwords, people tend to use one, single password universally. This dilutes the password even if it is a strong one. Plus, there’s always the risk of the password being hacked on one site / service and putting at risk all of the data stored in other places where the same password is used.
3. Unauthorized password sharing
Unauthorized password sharing for the sake of getting things done faster is a very real problem. For example, someone is on leave and someone else needs access to a particular file from their computer. The employee who is on leave shares the password and that can result in a security compromise.
4. Writing down passwords
This the most obvious, yet oft-made password mistake. Just so they don’t forget the passwords, people tend to write them down on a piece of paper, a diary or sometimes, store it on their phone. You know what can follow if the piece of paper or diary or the phone is stolen. The same holds true for storing passwords in email and if the email server is compromised.
5. Not revoking access on time
Cases where ex-employees log-in credentials were used to hijack company data are not unusual. When companies forget to revoke the access of employees as they move out of the department or organization, they are leaving open a gaping cybersecurity hole which can be taken advantage of easily.
6. Not updating passwords
Using the same password for years or even months can be risky. Passwords should be changed periodically for critical applications, especially if the current passwords are simple. Simply incrementing a number that is embedded into a password does NOT make the new password any more secure, especially if a pattern can be guessed (ex: changing your old password from "letmein1" to "letmein2".).
7. Single-factor authentication
For more critical areas, multi-factor authentication must be deployed. Relying on a password alone is a huge cybersecurity risk. Multi-factor authentication includes tokens, biometric authentication, OTPs, etc., which make it very difficult to hack into the application.
These are some of the basic password mistakes that almost everyone finds themselves guilty of at some point. You can prevent these from happening in your organization by educating your staff and training them to cultivate good password hygiene.