People continue to pick bad passwords. It may seem implausible but “123456,” “qwerty,” “admin,” and “password” remain commonly chosen passwords. Just as confounding, even after a breach, there’s evidence that people aren’t changing, or still use the same old password, to access multiple sites. A leading security firm reports that 70% of violated users were still reusing the same exposed usernames and passwords.

Reused passwords are a potential security problem because, if a password has been compromised once, then hackers can use it to access other accounts.

One way to combat this is to enable multi-factor authentication. Multifactor authentication (MFA) adds a layer of protection to the sign-in process. When accessing accounts, users are required to provide additional identity verification, such as facial recognition or a code sent to a phone.

In addition, ask your staff to change passwords to include the following:

• At least eight (8) characters.
• Words or phrases that cannot be easily guessed.
• Combine at least one character from these types:

1. English uppercase letters (A-Z)
2. English lowercase letters (a-z)
3. Base 10 digits (0-9)
4. Non-alphanumeric (` ~ ! @ # $ % ^ & * ( ) _ + – = { } | \ : ” ; ‘ < > ? , . / and space)

Source: zdnet.com

In closing, impart wise words to inspire your staff to make a password change. Old passwords are worth forgetting!