Many websites and online services have users sign in to their account with an email address-based username. While this makes it easier for people to remember their login information, it also makes it easier for hackers to gain access to users’ accounts. And when this login information contains weak passwords, hacking into the accounts becomes child’s play for cybercriminals.
Using weak passwords in combination with email address-based usernames is especially problematic for companies because employees’ email addresses are often on business cards, marketing materials, and other business documents. While you have no control over whether websites and online services use email addresses or unique usernames for login information, you and your employees can avoid using weak passwords.
What does a weak password look like? Below are the passwords that made SplashData’s top 25 "Worst Passwords of 2016" list, organized by similarity rather than ranking. (The quotes are not part of the passwords.)
- "password", "passw0rd", and "password1"
- "qwerty" and "zaq1zaq1"
- "princess" and "solo"
- "admin" and "master"
- "sunshine" and "flower"
- "hottie" and "loveme"
- "1234", "12345", "123456", "1234567", "12345678", and "1234567890"
Cybercriminals can crack weak passwords like these in seconds using a brute-force password-cracking tool or software that systematically tries every word in a dictionary as a password. So, if anyone in your company is using passwords similar to these, those passwords should be changed immediately.
To create strong passwords, have your employees follow these guidelines:
- Make sure the password is at least eight characters long — the longer, the better.
- Do not use words found in a dictionary, proper nouns, or foreign words.
- Do not use passwords that incorporate business or personal information (e.g., company’s name, pet’s name) as it is easy for cybercriminals to find this information on social networks like LinkedIn and Facebook.
- Use uppercase and lowercase letters.
- Use numbers but not in a predictable pattern.
- Use special characters (e.g., percent sign, exclamation point, dollar sign) when possible.
- Make sure the password is unique and not a variation of a password used for another account.
An example of a strong password is "h$&Pm3&%TzEnkf7k". On an average computer, it would take a cybercriminal more than 10,000 centuries to crack this password using a brute-force password-cracking tool, according to Kaspersky Lab’s password checker.
If your employees are having trouble coming up with unique, strong passwords for their accounts, we can recommend a password manager that they can use. Password managers automatically create strong passwords and securely store them.
About CHIPS Computer Services
CHIPS Computer Services is an award winning Managed Services Provider specializing in help businesses increase efficiencies and profits by levering properly managed technology. To learn how CHIPS can help your business, email us at email@example.com to schedule no cost business technology assessment.