Reused Passwords Are a Security Risk to Your Organization

Some people in life will have to learn by experience, and for some, even experience doesn’t teach the necessary lessons. Unfortunately, we see this proven true when it comes to breaches and password use.

We’ve talked about healthy password practices on our blog at length – the importance of unique passwords, avoiding password sharing, and using multi-factor authentication.  

What we’re seeing in real life is that even after people are breached, they continue poor password practices and the use of “garbage” passwords. A new report by SpyCloud, based on 1.7 billion username and password combinations gathered from 755 leaked sources in 2021, estimates that 64% of people used the same password that was exposed in one breach for other accounts.

Why are re-used passwords a security risk?

If a password has already been compromised in a breach, hackers can try it against any other account to gain entry. This poses a huge potential security problem, because a hacker can use the same password to sign in on another site where it was reused. It also makes mitigation after a breach much more difficult if that same breached password is being used across multiple sites.

What is a risky password? 

  1. “Easy to guess” passwords might include your name, date of birth, part of your social security number, or other personal information that can be linked back to you.
  2. Passwords that are not unique – you are using them across multiple sites or for multiple log-ins.
  3. Passwords that are being shared across personal and business/organization platforms (passwords should be different for personal vs. business use).
  4. Passwords that are shared with other individuals (here’s why we recommend avoiding password-sharing).
  5. Passwords that fall on this most commonly used passwords list.
  6. Log-ins/passwords that do not use multi-factor authentication to keep them secure (we talk about the importance of multi-factor authentication here; in short, it’s one of the best ways organizations can protect themselves from breaches).
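
The checks in the list above can be run over a credential inventory, such as a password-manager export, to find which accounts need attention first. The script below is an added example, not code from PK Tech or SpyCloud; the inventory, the owner's personal details and the short common-password set are constructed sample data, and `audit` is a hypothetical helper name. Item 4 (sharing with other people) is not covered because it cannot be seen in the data.

```python
from collections import defaultdict

# Constructed sample data (not from the original page).
COMMON = {"123456", "password", "qwerty", "111111"}  # stand-in for a real common-password list
PERSONAL = ["jordan", "1988"]                        # hypothetical owner name and birth year
VAULT = [
    {"account": "bank",    "scope": "personal", "password": "Jordan1988!", "mfa": True},
    {"account": "webmail", "scope": "personal", "password": "t7#Vq9zLp2",  "mfa": False},
    {"account": "crm",     "scope": "business", "password": "t7#Vq9zLp2",  "mfa": True},
    {"account": "wiki",    "scope": "business", "password": "password",    "mfa": True},
    {"account": "payroll", "scope": "business", "password": "Gx4!mR8wYd",  "mfa": True},
]

def audit(vault, personal, common):
    """Map each account to the numbers of the list items (1, 2, 3, 5, 6) it violates."""
    by_password = defaultdict(list)          # group entries that share a password
    for entry in vault:
        by_password[entry["password"]].append(entry)

    findings = {}
    for entry in vault:
        items = set()
        lowered = entry["password"].lower()
        # Item 1: contains personal information (empty strings are ignored).
        if any(p and p.lower() in lowered for p in personal):
            items.add(1)
        # Item 2: not unique; item 3: reused across personal and business accounts.
        peers = by_password[entry["password"]]
        if len(peers) > 1:
            items.add(2)
            if len({p["scope"] for p in peers}) > 1:
                items.add(3)
        # Item 5: appears on the common-password list.
        if lowered in common:
            items.add(5)
        # Item 6: account is not protected by multi-factor authentication.
        if not entry["mfa"]:
            items.add(6)
        findings[entry["account"]] = sorted(items)
    return findings

if __name__ == "__main__":
    for account, items in audit(VAULT, PERSONAL, COMMON).items():
        print(f"{account:8} risky per list items: {items or 'none'}")
```
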

At PK Tech, we recommend two essential best practices for passwords: (1) the use of multi-factor authentication at all times across all accounts and networks, and (2) no password sharing – avoid it at all costs. 

If your organization is looking to secure your online presence in 2022, PK Tech can help. In addition to providing tips to protect your organization, we provide comprehensive IT security for businesses in the Greater Phoenix Area. You can get in touch with our team here.