Passwords are your weakest link

How strong are your business’s passwords?

Safeguarding your organization’s online assets is critical in today’s digital world. Unfortunately, poor password practices by employees can leave businesses big and small vulnerable to hackers.

Cybercriminals are constantly trying to find new ways to break into business systems. Sadly, too often, they succeed thanks to weak passwords. Nearly 50% of cyberattacks last year involved weak or stolen passwords.* This calls for businesses to step up and take password security seriously and implement strong password policies.

Fortunately, you can follow a few best practices to protect your business. Before we get into those, here are the top 10 most common passwords available on the dark web that you should avoid at all costs:

  1. 123456
  2. 123456789
  3. Qwerty
  4. Password
  5. 12345
  6. 12345678
  7. 111111
  8. 1234567
  9. 123123
  10. Qwerty123

Password best practices

When your team is aware of password best practices, they can significantly ramp up your cybersecurity.

Use a password manager

Using a password manager is one of the most important things you can do to keep your passwords safe. “If you can remember your passwords, they aren’t strong enough,” says Jeffrey Schulz, one of our Senior Technology Consultants. A password manager helps you create and store strong passwords for your online accounts. It can also help you keep track of your passwords and ensure they are unique for each account. At Chortek, we use and recommend 1Password, and we can help you implement the business version of this product.

Implement single sign-on (SSO)

Single sign-on is a popular password solution that allows users to access multiple applications with one set of credentials. You only need to remember one password to access all your online accounts.

While SSO is a convenient solution, remember that all your accounts are only as secure as your SSO password. So, if you’re using SSO, make a strong, unique password that you don’t use for anything else.

Don’t reuse the same password for different accounts

Hackers have optimized their processes for efficiency, too. If a hacker gains access to one of your accounts, they will try to use that same password to access your other accounts. “Yes, we all have a thousand different online accounts and mobile apps that require a username and password (and hopefully multifactor authentication), but if the one password (or simple variation of it) gets exposed … you’ll spend hours, maybe days, changing that password in every account and app it was used,” explains our Client Success Manager, Mark James. By having different passwords for different accounts, you can limit the damage a hacker can cause.

However, avoid jotting down your passwords on paper. Instead, rely on a safe solution such as a reliable password manager.

Make use of two-factor authentication (2FA)

One of the best ways to protect your online accounts is to use two-factor authentication (2FA). In addition to your password, 2FA requires you to enter a code from your phone or another device. Even if someone knows your password, this method makes it much more difficult for them to hack into your account.

While 2FA is not perfect, it is a robust security measure that can help protect your online accounts. We recommend that you begin using 2FA if you haven’t already. If you use 2FA, make sure each account has a strong and unique code.

Don’t use the information available on your social media

Many people use social media to connect with friends and family, stay up to date on current events, or share their thoughts and experiences with others. However, social media can also be a source of valuable personal information for criminals.

When creating passwords, you must avoid using information easily obtainable on your social media accounts. This includes your name, birth date, and other details that could be used to guess your password. Taking this precaution can help keep your accounts safe and secure.
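The two rules above (stay off the common-password list, and keep names and birth dates out of passwords) can be checked automatically when a password is set. The following Python sketch is an added example, not part of the original article; the function names, the look-alike substitution table and the sample values are assumptions constructed for illustration.

```python
import re
from datetime import date

# The ten passwords listed earlier on this page, lower-cased.
COMMON = {"123456", "123456789", "qwerty", "password", "12345",
          "12345678", "111111", "1234567", "123123", "qwerty123"}

# Look-alike substitutions to undo before comparing (constructed, not exhaustive).
LEET = str.maketrans("013457@$", "oleastas")


def _core(text):
    """Lower-case, drop digits/symbols at both ends, undo look-alikes."""
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", text.lower())
    return trimmed.translate(LEET)


def _date_forms(d):
    """Digit strings a birth date commonly takes inside a password."""
    formats = ("%Y%m%d", "%d%m%Y", "%m%d%Y", "%d%m%y", "%m%d%y", "%Y")
    return {d.strftime(f) for f in formats}


def screen_password(candidate, names=(), birth_date=None):
    """Return the reasons to reject `candidate`; an empty list means it passed."""
    reasons = []
    low = candidate.lower()
    plain = re.sub(r"^\W+|\W+$", "", low)  # "123456!" -> "123456"
    # Rule 1: on the common list, or a lightly decorated variation of an entry.
    if {low, plain, _core(candidate)} & COMMON:
        reasons.append("common password or simple variation")
    # Rule 2: personal details that are easy to find on social media.
    letters = re.sub(r"[^a-z]", "", low.translate(LEET))
    for name in names:
        if len(name) >= 3 and name.lower() in letters:
            reasons.append(f"contains name '{name}'")
    digits = re.sub(r"\D", "", candidate)
    if birth_date and any(form in digits for form in _date_forms(birth_date)):
        reasons.append("contains birth date")
    return reasons


if __name__ == "__main__":
    # Constructed sample user and candidate passwords.
    for pw in ("P@ssw0rd1!", "Okafor-170488", "vellum-Orbit-gantry-92"):
        print(pw, "->", screen_password(pw, ("Dana", "Okafor"), date(1988, 4, 17)))
```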

A Managed IT Service Provider can help

As cyberattacks become more sophisticated, you may be unable to devote sufficient time and effort to combat them. As a Managed IT Service Provider, we can ensure your team creates strong passwords, stores them securely, and changes them regularly.


* Verizon DBIR 2022