The title of this article seems pretty obvious, right? It is. Of all the security measures you need to enforce at your organization, these are absolutely the top three:
- Do not use an easy password. If you use password123 or something easy to guess, stop reading this right now and change it.
- Do not write down your password. If you cannot remember it, use a password manager like LastPass.
- Do not share the plain text of your passwords, EVER. I’ve even heard the now legendary story of how Leo Laporte of TWiT had their web manager write a webpage in plain HTML with all of the passwords to everything for the company. No, no, no. Not via email, Slack, or text message. Just share it via LastPass. AND, you can hide what the password actually is.
Seems like a short and smart list, right?
There Are Those Who Share Among Us
Even though this would seem common sense, it happens. And WAY more often than it should. LastPass looked into this to see how bad it was.
According to one survey, 32% of employees share passwords with others. In our own research, we found that most of those passwords are shared verbally – 74%, in fact – while another 15% are written down. In other words, people often share passwords with others, and do so in a way that’s unsafe and inefficient.
Their research, which you can see displayed in this infographic here, found that the top passwords shared include Wi-Fi passwords (58%), streaming services (48%), financial passwords (43%), and email or other communications (39%). Who cares if you have a strong password? If you share it or write it down, people can get access to it.
So if you are part of this group, change it. If you aren’t but your organization doesn’t have a policy against it, you should adopt one today. And please get a password manager and use it.
What scary security problems do you see organizations having regularly that could be easily fixed?
Steven Gliebe says
It’s nice that with WordPress when you make a new user it won’t send the user the password but it will send a link to choose a new password.
This is handy too if you set a passphrase to encrypt the data and don’t email that passphrase (something you and the receiver both already and only know): https://onetimesecret.com
You know what’s shocking? That we’re all still using email to communicate as insecure as it is. You’d think something newer and more secure would be the standard by now.