
Are Your Passwords Your Best Defense or Weakest Link?

Most people have passwords for at least 80 different sites.  In order to keep track of them all, many resort to reusing the same ones on multiple sites.  Doing so leaves one vulnerable to hackers who will use a stolen set of credentials from one site to access other sites. In fact, nearly 50% of cyberattacks last year involved weak or stolen passwords. Fortunately, applying sound password practices can stop them at the gates.


In this blog post we will cover a few of the best practices that you can follow to protect your business or personal identity. But before we do, let's take a look at the top 10 most common passwords available on the dark web.  If you have used any one of these, stop reading and fix it right now!  Don’t worry, we will wait for you to get back…


1. 123456
2. 123456789
3. Qwerty
4. Password
5. 12345
6. 12345678
7. 111111
8. 1234567
9. 123123
10. Qwerty123


Now that you have fixed that, let's move on to discussing those best practices.

Password best practices


Following these simple guidelines for password creation and management is easy and inexpensive while also being the single most important security measure you can take.


Use a password manager

A password manager helps you create and store strong passwords for all your online accounts and removes the temptation to reuse them. It not only keeps track of your passwords and ensures they are unique for each account, but also helps you create passwords that are longer and more complex.


Implement single sign-on (SSO)

Single sign-on is a popular password solution that allows users to access multiple applications with one set of credentials. This means that you only need to remember one password to access all your online accounts. Many SSO solutions also offer additional security features like 2FA and restricting access by IP address.


While SSO is a convenient solution, remember that all your accounts are only as secure as your SSO password. So, if you're using SSO, make a strong, unique password that you don't use for anything else.


Avoid reusing passwords on multiple accounts

As we stated at the outset, don’t make it easy for the bad actors. Use unique passwords for each site to contain any damage from a leaked one. And avoid jotting down your passwords on a piece of paper under your keyboard or on a sticky note on your monitor. This is like leaving the house key under your doormat. Bad actors and hackers aren’t just guys in hoodies working in a basement in a far-away land; anyone who has access to your workspace might be tempted to use or sell your credentials.


Make use of two-factor authentication (2FA)

Another great way to protect your online accounts is to use two-factor authentication (2FA). The second factor provides an additional security layer beyond just the password, because it requires a second method to prove you're you. This might be a code from your phone or another device, or your fingerprint or facial recognition. So, even if someone knows your password, the additional method can stop them in their tracks.


Don’t use the information available on your social media

Most people enjoy keeping up with friends and colleagues through social media, but this does open one up to some security risks because it can also be a source of valuable personal information for criminals.


When creating passwords, be sure to avoid using information easily found on your social media accounts, such as family and pet names, birth dates and other details that could be used to guess your password. Any easily guessed words and phrases should, therefore, be avoided.
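One way a signup or password-change form could enforce two of the rules above (the top-10 list and the social-media guidance), shown as an added example that is not part of the original post. The function names, the character-substitution table and the sample inputs are assumptions constructed for illustration.

```python
import re
from datetime import date

# The ten most common passwords listed earlier in this post (compared case-insensitively).
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "password", "12345",
    "12345678", "111111", "1234567", "123123", "qwerty123",
}

# Assumed substitution table: undo common look-alike swaps so "P@ssw0rd" compares as "password".
LEET = str.maketrans("@4031$57", "aaoelsst")


def date_forms(d):
    """Digit strings people commonly type for a date (year, day/month, full date)."""
    y, m, dd = f"{d.year:04d}", f"{d.month:02d}", f"{d.day:02d}"
    return {y, m + dd, dd + m, m + dd + y, dd + m + y, y + m + dd,
            m + dd + y[2:], dd + m + y[2:]}


def screen_password(password, names=(), dates=()):
    """Return the reasons to reject a candidate password (empty list means it passed)."""
    reasons = []
    lowered = password.lower()
    deleeted = lowered.translate(LEET)

    # Check both forms: de-leeting would mangle all-digit entries such as "123456".
    if lowered in COMMON_PASSWORDS or deleeted in COMMON_PASSWORDS:
        reasons.append("common password")

    # Names of family members, pets, etc. that appear on the user's public profiles.
    for name in names:
        token = re.sub(r"[^a-z0-9]", "", name.lower())
        if len(token) >= 3 and (token in lowered or token in deleeted):
            reasons.append(f"contains personal name: {name}")

    # Drop separators so "04/12/1990" and "04-12-1990" both reduce to "04121990".
    digits = re.sub(r"\D", "", password)
    for d in dates:
        if any(form in digits for form in date_forms(d)):
            reasons.append(f"contains date: {d.isoformat()}")
    return reasons


if __name__ == "__main__":
    # Constructed sample: pet name "Bella" and a birth date of 4 December 1990.
    print(screen_password("B3ll@-04/12/1990", names=["Bella"], dates=[date(1990, 12, 4)]))
```

An empty result only means the password avoided these specific pitfalls; it still needs to be long and unique to the account.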


An IT service provider can help you


As cyberattacks become more sophisticated, you may not be able to devote sufficient time and effort to combat them. As an IT service provider, we can help to set up a strong password practice with a password manager, 2FA and single sign-on. Then, we can continually monitor your systems to make sure breaches don’t occur.


Schedule a no-obligation consultation with us today to learn more about how we can help protect you from poor password hygiene.




* Verizon DBIR 2022
