Are your employees using weak passwords?

2/03/2010

Are your employees using weak passwords at work? Worse yet, are they using the same password at work that they use for personal accounts, such as social networking sites? Imperva, a California data security company, recently analyzed the 32 million passwords exposed by a social networking site hacker. The analysis revealed that people still make use of weak passwords, at least on that particular site. Almost 500,000 people used either “12345,” “123456,” or “123456789.” Another nearly 62,000 people used “password” as their password. It’s not too surprising to learn that this phenomenon is widespread and has led some sites to block the use of extremely common letter and/or number combinations as passwords.

Perhaps it is simply human nature to make convenience a priority when choosing a password, and certainly that doesn’t change just because a password is established for work purposes. Employees must develop a password that is an effective security mechanism and your company must establish standards that lead to the use of a stronger password. See that your company does all that it can to foster the establishment of strong individual employee passwords. Consider the following tips:

  • Block the most simple, widely-used choices for passwords.
  • Advise against the use of dictionary words.
  • Allow for and require the use of combinations of characters—letters (uppercase and lower case), numbers, and special characters.
  • Design automatic, periodic prompts to make your employees change their passwords.
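The tips above can be enforced in code when a password is set. The following sketch is an added example, not from the article or from Imperva's report. The word list, the three-class minimum, the 90-day maximum age, and the names `check_password` and `needs_change` are assumptions chosen for illustration.

```python
import re
from datetime import date

# Constructed sample data: the four passwords the article cites plus a tiny
# stand-in word list. A real deployment would load much larger lists.
COMMON_PASSWORDS = {"12345", "123456", "123456789", "password"}
DICTIONARY_WORDS = {"welcome", "dragon", "summer", "monkey"}

MIN_CLASSES = 3    # assumption: require 3 of the 4 character classes
MAX_AGE_DAYS = 90  # assumption: rotation interval for the periodic prompt


def character_classes(password):
    """Count how many of lowercase, uppercase, digit, special are present."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, password))


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    # Strip leading/trailing digits and symbols so that "Summer2010!" is
    # still recognised as the dictionary word "summer".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core != lowered and core in COMMON_PASSWORDS | DICTIONARY_WORDS:
        problems.append("based on a common or dictionary word")
    elif core in DICTIONARY_WORDS:
        problems.append("based on a common or dictionary word")
    if character_classes(password) < MIN_CLASSES:
        problems.append("too few character classes")
    return problems


def needs_change(last_changed, today, max_age_days=MAX_AGE_DAYS):
    """True when the password is older than the allowed maximum age."""
    return (today - last_changed).days > max_age_days


if __name__ == "__main__":
    for candidate in ("123456", "Summer2010!", "tR7#vq9Lm!xZ"):
        print(candidate, check_password(candidate) or "accepted")
```

Note that “Summer2010!” satisfies the character-combination rule yet is still rejected, which is why the blocklist and dictionary checks are needed alongside it.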

Go beyond these best practices and establish a policy that employee passwords for work systems must be different from any of the passwords used for personal activities. Do not allow the use of the same password for different systems at work. Use of the same password for multiple applications can put all at risk. If the password for one system is exposed or obtained by unauthorized personnel, they might be able to access other systems as well.

Imperva’s report, “Consumer Password Worst Practices,” offers additional tips. In addition, they are offering a free webinar to review the results of the study on February 10, 2010.

