Security · August 12, 2021

Password Management Best Practices Help Protect Your Business

Most of us have a love/hate relationship with passwords. We love that they keep our business and personal information secure, but the sheer volume we need makes remembering them virtually impossible. Unfortunately, the shortcuts we use for creating them play into hackers' hands as they count on our oversight and use it to their advantage.

With so much on the line, it's essential to move password management best practices to the top of your to-do list to improve the security of your business. According to the Ponemon Institute's 2020 State of Password and Authentication Security Behaviors Report (PDF), 51% of IT security respondents said their organizations have experienced a phishing attack, and 12% experienced credential theft—both attacks that take advantage of compromised passwords.

Common password mistakes to avoid

According to the Cybersecurity & Infrastructure Security Agency, or CISA for short, common password practices can make a business vulnerable to cyberattacks. For example, most people choose easy-to-remember passwords that are based on personal information, such as birthdays, addresses and pet names. While you may think this information is secure, it can be easily discovered by a hacker who does some online research. And while changing out letters for numbers or symbols feels like you're making your password more secure, password-guessing software is on to that trick.

Another mistake to avoid, according to CISA, is choosing a short and common word or phrase. This type of password is susceptible to "dictionary attack" software that is used to guess passwords. The same goes for consecutive strings of numbers or letters, like "12345678" or "abcdefg."

You also shouldn't repeat passwords across different websites, especially for sensitive accounts such as email and banking. If one site is breached, the hacker could access your information on many different platforms. And don't make a habit of sharing common passwords among people at your business. It takes just one person to leak a shared password, and the source of the leak can be difficult to track.
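For businesses that want to enforce these points when a password is created, the following Python sketch screens a candidate password for the mistakes described above. It is an added example, not code from CISA or from this article; the word list, the substitution table, the 12-character minimum and the function names are assumptions made for illustration.

```python
import re

# Constructed sample deny list; a real policy would load a large list of common passwords.
COMMON_WORDS = {"password", "welcome", "sunshine", "letmein", "dragon"}
# Undo the usual letter-for-symbol swaps so "P@ssw0rd" is compared as "password".
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 12  # assumed policy value, not taken from the article


def has_run(pw, run=4):
    """True if pw holds `run` consecutive ascending or descending characters (1234, dcba)."""
    codes = [ord(c) for c in pw.lower()]
    for step in (1, -1):
        streak = 1
        for a, b in zip(codes, codes[1:]):
            streak = streak + 1 if b - a == step else 1
            if streak >= run:
                return True
    return False


def screen_password(pw, personal_info=()):
    """Return the reasons to reject pw; an empty list means none of these checks fired."""
    problems = []
    lowered = pw.lower()
    normalized = lowered.translate(UNLEET)
    letters_only = re.sub(r"[^a-z]", "", normalized)
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if has_run(pw):
        problems.append("sequential characters")
    # Dictionary check runs on the de-substituted form, so symbol swaps do not hide the word.
    if any(word in letters_only for word in COMMON_WORDS):
        problems.append("common word")
    # personal_info: items such as a pet name or birth year known for this user.
    for item in personal_info:
        item = item.lower()
        if len(item) >= 3 and (item in lowered or item in normalized):
            problems.append("personal information")
            break
    return problems


if __name__ == "__main__":
    for candidate in ("12345678", "P@ssw0rd2021!", "Jell04mYmother!BemY#tnemale?"):
        print(candidate, "->", screen_password(candidate) or "no issues found")
```

An empty result only means these particular checks passed; it does not detect reuse of the password on another site.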

Password management best practices

The strongest passwords are passphrases, which include a combination of words. However, avoid common phrases, famous quotations and song lyrics. Instead, use something nonsensical that you can remember. CISA recommends using the longest password or passphrase permissible. For example, "Jell04mYmother!BemY#tnemale?" is a strong password because it has 28 characters and includes upper- and lowercase letters, numbers and special characters.

After creating your passwords, don't write them down in a place where others could find them, such as a note on your desk or a document on your computer. Anyone with physical access to your office will also have access to your business information. Also, don't allow your web browsers to save passwords. Depending on your settings, anyone who uses your computer could discover and use any of your passwords.

A helpful tool can be a business password manager that creates randomly generated passwords for all of your accounts. You then access the manager with a master password. If you choose to use a business password manager, you'll need to create a strong master password.

Also, be sure to train your employees on password security, and adopt company-wide policies on password creation. The Passwords In the Enterprise study (PDF) by the cybersecurity firm Balbix found that employees share more than seven passwords between their work and personal accounts, and 80% of data breaches are due to compromised, weak and reused passwords. If your employee's personal information is hacked, your business could be at risk.

While no password practice is fail-proof, using as many of the password management best practices as possible will make it more difficult for hackers to attack your accounts. Be vigilant about watching for suspicious activity on your accounts. And change your passwords periodically. Hackers are out there, and the best approach to take is a defensive one.



This information is provided for educational purposes only and should not be relied on or interpreted as accounting, financial planning, investment, legal or tax advice. First Citizens Bank (or its affiliates) neither endorses nor guarantees this information, and encourages you to consult a professional for advice applicable to your specific situation.

Links to third-party websites may have a privacy policy different from First Citizens Bank and may provide less security than this website. First Citizens Bank and its affiliates are not responsible for the products, services and content on any third-party website.