Are Your Passwords Putting Your Business at Risk? Here’s How to Fix That on World Password Day

As World Password Day approaches, it’s the perfect time to examine whether your organization’s password security practices are helping to protect your valuable information—or leaving the door wide open for cybercriminals.

Are your employees guilty of these password faux pas?

The Most Common Employee Password Mistakes (At a Glance)

  • Reusing passwords
  • Including personal information
  • Choosing passwords instead of passphrases
  • Not being smart about special characters
  • Sharing passwords

Odds are, at least one person in your business is making at least one of these mistakes. It might sound minor, but it only takes one successful cyberattack to ground a small business.

So what should they be doing instead? Here are five of the best password practices for employees to follow.

Password Security Tip #1: Change Reused Passwords

We’re all guilty of it. You create one strong password for one account and then figure, ‘What’s the harm in using it for another account?’ Then another, then another, and before long you’ve got tens of different platforms using the same login details.

Why Recycling Is Risky Business

In a business setting, this practice creates a dangerous domino effect. When cybercriminals obtain credentials from one breached service (which happens with alarming frequency), they automatically gain access to every account sharing those same credentials. This could include your company email, financial platforms, customer databases, and other sensitive systems.

On World Password Day, take the opportunity to audit your accounts and replace any duplicated passwords. Encourage employees to do the same by making it a company-wide initiative—perhaps even offering incentives for those who complete the task promptly.

Tip #2: Take Out Personal Information

Your partner, your kids, your pets, your vintage Camaro—we all want to keep the ones we love close to us. But they don’t belong in your passwords.

Personal information might make passwords easier to remember, but it also makes them significantly easier to crack. With the prevalence of social media, cybercriminals can easily gather details about your life through simple research. That cute photo of fluffy little Nala on your public Instagram? It just did half the hackers’ work for them.

Ditch the Discoverable

Better password security begins with understanding that anything readily discoverable about you should be excluded from your credentials. Ensure your team understands this principle by making it a clear part of your standard password policies for employees.

Tip #3: Choose Passphrases Instead

Rather than struggling to remember complex passwords, consider implementing passphrases throughout your organization. A passphrase is a sequence of words or text that creates a memorable but lengthy authentication string.

For example, instead of a password like “Company2023!” (which would take a computer seconds to crack), a passphrase like “purple-elephant-battery-staple” offers significantly stronger protection while being easier to remember. This piece from Lifewire showcases a few other examples of turning a password into a much stronger passphrase.

Why Passphrases Make a Cracking Alternative

Passphrases work better than traditional passwords because:

  • They’re typically longer (increasing complexity without sacrificing memorability)
  • They can incorporate spaces and punctuation naturally
  • They’re easier to remember than random character strings
  • They’re less likely to be written down or stored insecurely

Implementing passphrases is one of the most effective strategies for reducing business risks associated with credential theft. Just don’t use any personal details in them!

Tip #4: Be Smart About Special Characters

Swapping ‘a’s for ‘@’s and ‘1’s for ‘!’s might seem smart. It makes the change easier to remember, sure—but it’s not like cybercriminals will be bamboozled by this tactic.

These predictable substitutions, sometimes referred to as ‘munged passwords’, are built into some of today’s password-cracking algorithms. Teaching your employees how to properly incorporate special characters (any characters that aren’t letters or digits) can significantly improve their password hygiene.

Incorporating Special Characters More Carefully

Special characters do help strengthen passwords. Instead of obvious substitutions, encourage:

  • Placing special characters in unexpected positions within the password
  • Using less common special characters (such as ^ or %)
  • Avoiding patterns that follow typical substitution rules

This is all better learned through doing, so consider running a brief, interactive training session on creating truly strong passwords this World Password Day.
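
As an added illustration (not part of the original article), the Python check below shows why munged passwords fail a sensible policy: undoing the common substitutions exposes the base word, so “Company2023!” is read as “company”. The blocklist, the substitution table, the function names and the pet name passed in as an extra term are assumptions made for this example.

```python
from itertools import islice, product

# Constructed blocklist for illustration; a real deployment would load a
# breached-password list plus organisation-specific terms.
BLOCKLIST = {"password", "company", "welcome", "letmein", "qwerty"}

# Common substitutions mapped back to the letters they usually stand for.
# "1" and "!" are ambiguous (i or l), so both readings are tried.
SUBSTITUTIONS = {
    "@": "a", "4": "a", "3": "e", "0": "o", "$": "s", "5": "s",
    "7": "t", "1": "il", "!": "il",
}

MAX_VARIANTS = 512  # bound the work for inputs with many ambiguous characters


def demunge(password):
    """Return the letters-only readings of a password after undoing substitutions."""
    options = [SUBSTITUTIONS.get(ch, ch) for ch in password.lower()]
    variants = set()
    for combo in islice(product(*options), MAX_VARIANTS):
        variants.add("".join(ch for ch in combo if ch.isalpha()))
    return variants


def blocked_terms(password, extra_terms=()):
    """Return the sorted blocklisted terms hidden in a password (empty list = none found)."""
    terms = BLOCKLIST | {t.lower() for t in extra_terms}
    readings = demunge(password)
    return sorted(t for t in terms if any(t in r for r in readings))


if __name__ == "__main__":
    # Constructed sample candidates; "nala" stands in for a personal detail (Tip #2).
    samples = ["Company2023!", "P@$$w0rd1", "N@la2019!", "purple-elephant-battery-staple"]
    for candidate in samples:
        found = blocked_terms(candidate, extra_terms=["nala"])
        print(candidate, "->", found or "no blocked term")
```

Passing names, pets and company terms as `extra_terms` applies the same check to the personal details covered in Tip #2.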

Tip #5: Never Share Passwords

Telling someone else your password creates accountability issues and significantly increases your exposure to risk. Even sharing credentials with trusted team members compromises your security posture (and makes tracing the source of potential breaches nearly impossible).

Similarly, you should never write down your passwords. All it takes is one stray Post-it to end up in the background of a team picture that goes up on your social media, and your credentials are revealed to the public.

The Necessity of MFA

The risk of passwords being exposed is why it’s also important to enforce multi-factor authentication (MFA) throughout your organization. Even if someone does discover someone else’s password, they won’t be able to access the account without a second verification source.

The best password practices for employees include a strict no-sharing policy, with proper access management systems in place to handle situations where multiple team members need access to the same resources.

Don’t Forget: Common Sense Isn’t Common Practice

Of course, most people know that “123456” is an incredibly ill-advised password choice, and obviously they realize that “password” offers about as much protection as a paper lock on a bank vault. But there’s a reason those two continue to top most-used password lists worldwide: they’re easy.

The ‘smart’ thing to do isn’t always what we actually end up doing, especially when we’re tired. Coming up with a strong set of credentials that follows password best practices might be achievable once or twice, but when you’ve got to then do it for 15-20 accounts at work and another dozen at home, it becomes a chore.

The Power of Password Managers for Reducing Business Risk

The most effective way to implement strong password security while reducing the burden on your team is to use a password manager.

These are essentially virtual vaults that store your credentials securely and let you fill them in automatically whenever you need to log in. They solve several problems at once:

  • They generate complex, unique passwords for each account
  • They help identify weak or duplicated passwords across accounts
  • They can be used across devices (work computers, smartphones, tablets)
  • They automatically fill credentials, eliminating the need to remember multiple passwords
  • They provide secure sharing options when credentials must be used by multiple team members

By implementing a password manager company-wide, you take the responsibility out of individual employees’ hands while dramatically improving your security posture.

Bonus Tip: Most password managers offer both free and paid plans, with business versions providing additional administrative controls and security features. The investment is minimal compared to the cost of a potential data breach.

Concerned About Your Team’s Password Hygiene?

Educate your employees with cybersecurity awareness training.

Our interactive sessions cover phishing identification, social engineering tactics, safe browsing practices, and, of course, password best practices. With both in-person and virtual options available, we’ll equip your employees with the knowledge they need to become your strongest security asset—not your biggest vulnerability.

Learn more about our training sessions here.

Act Wisely This World Password Day

As you consider your organization’s approach to data safeguarding, World Password Day provides the perfect opportunity to implement changes that will significantly reduce business risks.

Start by auditing your current password practices, implementing a password manager, and providing focused training on best password practices for employees. These relatively simple steps can dramatically improve your security posture and protect your business from increasingly sophisticated cyber threats.

In 2022, Hadley and her husband Corbitt decided to return to St. Louis to join the family business. As part of the second generation, Hadley brought fresh perspectives from her time at AT&T and was drawn to helping the company grow the right way by implementing scalable systems and processes, while maintaining the core value-centric culture.
 
As a Project Manager, Hadley facilitated technical projects and the development of interdepartmental playbooks while gaining a deep understanding of the inner workings of the business operations. Now, as the Project Management Lead, Hadley is known for her driven, process-oriented leadership and her dedication to finding solutions for every challenge no matter how daunting it may first seem.

Born in Yokohama, Japan, and raised in Malaysia and St. Louis, Corbitt developed a unique global perspective. He graduated from Randolph-Macon College with a degree in Political Science and Spanish where he was a member of the men’s basketball team.

Before joining Anderson Technologies, Corbitt built a successful career at AT&T which initially started in the B2B Sales Development Program – a highly-competitive sales training where he was stack-ranked against his 100+ peers based on quota attainment to determine where in the company one was placed. In Chicago, as part of the National Fiber Organization, he became a top-performing sales professional, selling AT&T’s fiber, networking, and cybersecurity services and learning the value of relationship building, perseverance, and grit. Later, as a Senior Sales Solutions Engineer at AT&T headquarters in Dallas, he refined his technical expertise, leadership skills, and consulting abilities.

Currently pursuing his MBA at Washington University in St. Louis, Corbitt blends strategic thinking, technical knowledge, and a client-first approach to help Anderson Technologies continue serving companies and organizations across the country.
