Don’t risk it: password security tips to keep your business and team safe

Hate passwords? You’re not alone, but they’re a necessary evil. Consider this: just one weak password leaves your business and your employees vulnerable to data breaches that in 2024 cost a global average of $4.88 million per incident to remedy. And strong passwords can help prevent this.

There’s no way around it: strong passwords play an important role in protecting accounts from hackers and cybercrime impacts. Despite alternatives like passkeys and facial recognition, passwords are still the most widely used authentication method. As an employer, you’ll want to educate and provide tools for basic internet safety tips, a password policy and password management to help protect your business, yourself and your employees. Let’s take a look.

Why use strong passwords?

While most websites are secure, there remains a small chance that a hacker will successfully breach them.

A data breach can be crushing for businesses and individuals alike. If an individual gets hacked, all that person’s information is now up for grabs to the public. A breach such as this means the individual is at risk of identity theft, improper use of their credit, vulnerability in their bank accounts, and even the possibility of their personal photos being put to malicious use.

When a business has a data breach, your employees, customers, vendors and more have their data exposed and stolen—not to mention the business’s information and data. The costs associated with fixing this are astronomical, not to mention customers and business partners losing trust in the brand—something that can’t be easily repaired.

No one wants to be the weak link in any of these scenarios, yet there almost always is one. Considering that hackers can crack 70 percent of weak passwords in less than one second, it’s not a matter of if but when. And it can easily be prevented by using strong passwords.

Best practices for good passwords

Creating strong passwords is not rocket science. With a little education, you can help your employees create strong passwords that reduce the risk of potential threats. Here are some key password tips:

Use a long password

When it comes to password protection, length matters. In fact, it’s one of the top elements of strong passwords. The longer and more complex the password, the better. Why? Because it takes criminals much less time to crack a four-digit PIN than it would a password with a combination of 16 numbers, upper- and lower-cased letters and symbols.

Come up with random paraphrases

Another way to create safe passwords is to use long paraphrases. In the past, the recommendation was to string three random words together to create a passphrase that provides greater password security. That recommendation has changed.

In keeping with longer passwords, now the recommendation is to string four to seven random words together for a passphrase. But you can even take that a step further and make a four to five word paraphrased password. This will keep it somewhat easy to memorize and make it nice and long and harder to crack. An example is instead of using the words owl red score gemini back try shortening them to: olrdscgembck. If a symbol is required, add one: olrdscgem&bck. If a capital letter is required, do that too: olrdscGem&bck.

Utilize random passwords

Randomized passwords are always good passwords. You know, those passwords with a bunch of symbols, numbers, and upper and lowercase letters in no apparent order. While impossible to memorize, these lead to better password security because they aren’t designed with any specific pattern or common and identifying words or numbers.

Employ a password manager

But how do you manage multiple passwords you can’t remember? Considering that a recent study by NordPass found the average person has 168 passwords for personal accounts and 87 for work accounts, there is no way one person can remember that many passwords—especially randomized ones. And you don’t have to.

Using a password manager is the best way to create and keep track of long, strong passwords, but it can also do more. A password manager can generate randomized passwords and fill in your password and username as you jump from site to site or app to app, and it can alert you when you have a reused or weak password. In fact, the only password you need to remember is the one you use for the password manager itself. And make sure that one is long and strong.

You can find free or low-cost password managers for businesses. Just make sure to compare options and read reviews to find one that matches your exact business needs. Check out this comprehensive list from PCMag to get started.

Common password mistakes

When making a password, learn from the experiences of others to avoid these common mistakes. Any of them can lead to a data breach situation you’ll want to avoid at all costs.

Avoid the use of personal information

In an attempt to make passwords easy to remember, many people resort to using words and numbers that are personal to them, such as family names, address numbers or street name, birthdates and pet names. Avoid this, as well as common dictionary words. Remember, hackers are smart and can find out a lot about you online through social media and public records.

To avoid this common mistake, try weaving a fictional name with a food or color. For example, intertwine Oscar and Pizza to come up with OspiCazzRa.

Avoid using simple patterns

A simple pattern is easy to guess. Something like 121212ababab is just way too easy. Instead, opt for a generated password. Some password managers can do that for you; if not, you can try the random password generators offered in the Chrome, Firefox, Microsoft Edge and Safari browsers. If you’re on a mobile device, you can opt for the password generator on the operating system for that device, too.

Don’t reuse passwords

Once you have a good password, don’t reuse it. Yes, having a different password for everything can be annoying, but if you reuse the same password and it gets hacked, cybercriminals have access to not just one application or account but many. To best protect your business and yourself, make sure employees use a different password for every account and app. That way, if one account is hacked, your others will still be safe.

Never store passwords on a computer

Finally, it should go without saying, but you should never share your password. Beyond that, you should never copy and store your passwords on a computer. If your computer gets hacked, there goes your entire list of passwords. This is where a password manager is a much better solution for your employees.

Make a password policy

As an employer, it’s your job to guide employees on what is expected regarding creating strong passwords, using a password manager and secure business communications. By creating a password policy, you outline your expectations and how employees can meet them. We suggest using our outlined best practices, providing a strong password manager for all employees to use and educating employees not just on password security but also on things like ways to prevent phishing attacks and secure business communications.