Password Management Best Practices

Most of us have a love-hate relationship with passwords. We love that they keep our business and personal information secure, but the sheer volume of unique passwords we need makes remembering them virtually impossible. Unfortunately, the shortcuts we use for creating them play into hackers' hands as they count on our oversight and use it to their advantage.

With so much on the line, it's essential to move password management best practices to the top of your to-do list to improve the security of your business. According to the Ponemon Institute's State of Password and Authentication Security Behaviors Report (PDF), 51% of IT security respondents said their organizations have experienced a phishing attack, and 12% experienced credential theft—both attacks that take advantage of compromised passwords.

Common password mistakes to avoid

Common password practices can make a business vulnerable to cyberattacks. For example, most people choose easy-to-remember passwords that are based on personal information, like birthdays, addresses and pet names. While you may think this information is secure, it can be easily discovered by a hacker who does some online research.

And while changing out letters for numbers or symbols feels like you're making your password more secure, password-guessing software can often catch it. Another mistake to avoid is choosing a short and common word or phrase or a consecutive string of numbers or letters.

Also try not to repeat passwords across different websites, especially those that have your sensitive email and banking information. If one site is breached, a hacker could access your information on many other platforms. It's also important to avoid common passwords at your business. It takes just one person to leak a shared password, which can be difficult to track.

Password management best practices

The strongest passwords are passphrases, which include a combination of words. However, avoid common phrases, famous quotations and song lyrics. Instead, use something nonsensical that you can remember. For example, Jell04mOm!#? is a strong password because it has the recommended maximum of 12 characters for most passwords and includes both uppercase and lowercase letters, as well as numbers and special characters.

After creating your passwords, don't write them down in a place where others could find them, such as a note on your desk or a document on your computer. Anyone with physical access to your office will also have access to your business information. Also, don't allow your web browsers to save passwords. Depending on your settings, anyone who uses your computer could discover and use any of your passwords.

A helpful tool can be a business password manager that creates randomly generated passwords for all of your accounts. You then access the manager with a master password. If you choose to use a business password manager, you'll need to create a strong master password.

Also be sure to train employees on password security, and adopt company-wide policies on password creation. The Passwords In the Enterprise study (PDF) by the cybersecurity firm Balbix found that employees share more than seven passwords between their work and personal accounts, and 80% of data breaches are due to compromised, weak and reused passwords. If an employee's personal information is hacked, your business could be at risk.

While no password practice is completely failproof, using as many of these password management best practices as possible will make it more difficult for hackers to attack your accounts. Be vigilant about watching for suspicious activity, and change your passwords periodically. Hackers are out there, and the best approach to take is a defensive one.