People continue to pick bad passwords. It may seem implausible, but “123456,” “qwerty,” “admin,” and “password” remain commonly chosen passwords. Just as confounding, there’s evidence that even after a breach, people either don’t change their password or keep using the same old password to access multiple sites. A leading security firm reports that 70% of breached users were still reusing the same exposed usernames and passwords.
Reused passwords are a potential security problem because, if a password has been compromised once, then hackers can use it to access other accounts.
One way to combat this is to enable multi-factor authentication (MFA), which adds a layer of protection to the sign-in process. When accessing accounts, users are required to provide additional identity verification, such as facial recognition or a code sent to a phone.
In addition, ask your staff to change passwords to include the following:
- At least eight (8) characters.
- Words or phrases that cannot be easily guessed.
- Combine at least one character from these types:
  - English uppercase letters (A-Z)
  - English lowercase letters (a-z)
  - Base 10 digits (0-9)
  - Non-alphanumeric (` ~ ! @ # $ % ^ & * ( ) _ + - = { } | \ : " ; ' < > ? , . / and space)
Source: zdnet.com
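The checklist above can be enforced at password-change time. The following is an added example, not code from the original article or its source. It assumes "at least one character from these types" means one from each of the four types, and it approximates "easily guessed" with only the four common passwords named in this article; the function name `policy_violations` is hypothetical.

```python
import string

# Non-alphanumeric characters listed in the policy above, including space.
SPECIALS = "`~!@#$%^&*()_+-={}|\\:\";'<>?,./ "

# Only the four passwords this article names (assumption: a real deployment
# would load a much larger breached-password list instead).
COMMON = {"123456", "qwerty", "admin", "password"}

MIN_LENGTH = 8

CLASSES = {
    "uppercase letter (A-Z)": string.ascii_uppercase,
    "lowercase letter (a-z)": string.ascii_lowercase,
    "digit (0-9)": string.digits,
    "non-alphanumeric character": SPECIALS,
}


def policy_violations(password):
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    for name, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            problems.append("missing " + name)
    # Complexity rules alone accept "Password1!". Lowercase the candidate and
    # strip leading/trailing digits and symbols to expose the base word.
    lowered = password.lower()
    core = lowered.strip(string.digits + SPECIALS)
    if lowered in COMMON or core in COMMON:
        problems.append("based on a commonly chosen password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ["admin", "Password1!", "Tr4il-Mix&Oats"]:
        print(repr(candidate), "->", policy_violations(candidate) or "OK")
```

`Password1!` satisfies the length and character-type rules yet is still rejected, which shows why the "cannot be easily guessed" item needs its own check.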
In closing, impart wise words to inspire your staff to make a password change. Old passwords are worth forgetting!