Companies rely on passwords to protect sensitive info from hackers. But
unfortunately, passwords often aren't given
the attention they deserve, leaving data barely more secure than it would be
with no password at all. Here are some of the worst mistakes users make:
Keeping it simple - A recent analysis of stolen passwords revealed that too many
users come up with passwords with fewer than six characters, only use
lower-case letters, or choose a name, dictionary word or consecutive numbers
(like '12345').
Using the same password over and over again - For many users, if
one of their passwords is stolen, not only is all of their personal data at
risk, but so is any company protected by the same password.
Not using the full keyboard - Using numbers as well as letters can make a password a lot
stronger. But few users take the next step and incorporate special characters
such as !@#$%.
Writing the password down - As we wrote recently, an alleged Russian spy
learned that a strong password does no good when it's written down and
attached to the user's computer.
Staying logged in - Users may have strong passwords committed to memory and not
written down anywhere - but then give prying eyes easy access to sensitive data
by staying logged in to databases and applications when they get up from their
desks. As companies that have been hit by inside hackers know, you can't always
trust everyone you work with.
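
The mistakes in the list above that can be tested mechanically, shown as an added example that is not part of the original article. The word list, function names and sample passwords are constructed for illustration, and PBKDF2 is used here so the reuse check never keeps old passwords in plaintext.

```python
import hashlib
import hmac
import os
import string

# Constructed sample list; a real check would load a full dictionary and name list.
COMMON_WORDS = {"password", "dragon", "monkey", "michael", "jennifer"}

def fingerprint(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest, so password history is never stored in plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def is_consecutive_digits(password: str) -> bool:
    """True when the whole password is a run such as '12345' or '98765'."""
    if not password.isdigit() or len(password) < 2:
        return False
    steps = {int(b) - int(a) for a, b in zip(password, password[1:])}
    return steps in ({1}, {-1})

def audit_password(password: str, history=()) -> list:
    """Return which of the listed mistakes this password makes.

    history is an iterable of (salt, digest) pairs produced by fingerprint().
    """
    findings = []
    if len(password) < 6:
        findings.append("fewer than six characters")
    if password.isalpha() and password.islower():
        findings.append("only lower-case letters")
    if password.lower() in COMMON_WORDS:
        findings.append("name or dictionary word")
    if is_consecutive_digits(password):
        findings.append("consecutive numbers")
    if not any(ch in string.punctuation for ch in password):
        findings.append("no special characters")
    for salt, digest in history:
        # Constant-time comparison against each previously used password.
        if hmac.compare_digest(fingerprint(password, salt), digest):
            findings.append("reused password")
            break
    return findings

if __name__ == "__main__":
    salt = os.urandom(16)
    history = [(salt, fingerprint("Tr1cky!horse", salt))]  # constructed sample
    for candidate in ("12345", "dragon", "Tr1cky!horse", "v9#Lm2!qRz"):
        print(candidate, audit_password(candidate, history))
```

Writing passwords down and staying logged in cannot be caught by a check like this; those need physical controls and session time-outs.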
Companies often try to use password policies to keep those mistakes from
hampering security. But policies must be done right in order to have an
effect. Here are some common password policy mistakes IT departments make:
Going overboard - Requiring users to have a new and extremely complex password
every 30 days may only encourage folks to ignore the rules or keep passwords
written down.
Getting lax - Some companies require strong passwords for users' initial
log-ins, but then get lax on other levels of security. That gives
potential hackers only one tough password to crack, rather than several.
Not staying updated - Password policies don't always get reviewed and revised
very often. So even companies with good password policies might not be covering
all necessary systems.