Passwords easier to steal than ever: 8 common mistakes to avoid

Companies rely on passwords to protect sensitive info from hackers. But unfortunately, passwords often aren’t given the attention they deserve, leaving data barely more secure than it would be with no password at all.

Here are some of the worst password mistakes users make:

  1. Keeping it simple – A recent analysis of stolen passwords revealed that too many users come up with passwords with fewer than six characters, only use lower-case letters, or choose a name, dictionary word or consecutive numbers (like ‘12345’).
  2. Using the same password over and over again – For many users, if one of their passwords is stolen, not only is all of their personal data at risk, but so is any company protected by the same password.
  3. Not using the full keyboard – Using numbers as well as letters can make a password a lot stronger. But few users take the next step and incorporate special characters such as !@#$%.
  4. Writing the password down – As we wrote about recently, an alleged Russian spy learned that a strong password does no good when it’s written down and attached to the user’s computer.
  5. Staying logged in – Users may have strong passwords committed to memory and not written down anywhere — but then give prying eyes easy access to sensitive data by staying logged in to databases and applications when they get up from their desks. As companies that have been hit by inside hackers know, you can’t always trust everyone you work with.
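As an added example (not part of the original article), here is a small Python checker that flags the mistakes described in items 1 and 3 above: passwords that are too short, lower-case only, a dictionary word, built from consecutive characters like ‘12345’, or missing digits or special characters. The word list is a constructed stand-in for a real dictionary or breached-password list.

```python
import string

# Constructed mini "dictionary" standing in for a real wordlist; a production
# checker would load a full dictionary or breached-password list instead.
COMMON_WORDS = {"password", "welcome", "monkey", "dragon", "summer", "jennifer"}


def has_consecutive_run(pw, min_run=4):
    """True if pw contains min_run or more characters that each step by
    exactly +1 or -1 in code point, e.g. '12345', 'abcd' or '4321'."""
    run = 1
    for a, b in zip(pw, pw[1:]):
        if abs(ord(b) - ord(a)) == 1:
            run += 1
            if run >= min_run:
                return True
        else:
            run = 1
    return False


def password_weaknesses(pw):
    """Return a list of the article's 'keeping it simple' and 'not using the
    full keyboard' mistakes that pw exhibits. An empty list means none."""
    findings = []
    if len(pw) < 6:
        findings.append("too short (fewer than six characters)")
    if pw and pw.isalpha() and pw.islower():
        findings.append("only lower-case letters")
    if pw.lower() in COMMON_WORDS:
        findings.append("dictionary word or common name")
    if has_consecutive_run(pw):
        findings.append("consecutive characters like '12345'")
    if not any(c.isdigit() for c in pw):
        findings.append("no digits")
    if not any(c in string.punctuation for c in pw):
        findings.append("no special characters such as !@#$%")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, weakest first.
    for candidate in ["12345", "monkey", "Tr0ub4dor&3"]:
        print(candidate, "->", password_weaknesses(candidate) or "no listed mistakes")
```

A checker like this belongs at password-set time, where it can reject the weak choice and explain why, rather than in a periodic audit after the fact.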

Companies often try to use password policies to keep those mistakes from hampering security. But policies must be done right in order to have an effect. Here are some common password policy mistakes IT departments make:

  1. Going overboard – Requiring users to have a new and extremely complex password every 30 days may only encourage folks to ignore the rules or keep passwords written down.
  2. Getting lax – Some companies require users to have strong passwords for their initial log-ins, but then get lax on other levels of security. That gives potential hackers only one tough password to crack, rather than several.
  3. Not staying updated – Password policies often aren’t reviewed and revised regularly. So even companies with good password policies might not be covering all the systems that need them.

Best bet: Instead of forcing users to follow strict password rules, some experts recommend training folks and offering tips on creating strong passwords that are easy to remember. Also, the use of a secure password manager can help users who need to keep a lot of different passwords.

How does your company keep passwords manageable while also making sure all sensitive data is sufficiently protected? Share your advice in the comments section below.