password security


NCSAM: Why Password Security Should Not Be Underestimated


Last week, we discussed the importance of employee education and awareness to help minimize your organization’s cyber security risks. This week’s article in our National Cyber Security Awareness Month Series will focus on another major security risk for businesses – PASSWORDS. Password security is oftentimes forgotten, leaving organizations open to attacks.

Hackers hijack or crack passwords to steal identities, access sensitive data and infect your systems with ransomware or viruses. In fact, cracked or stolen passwords are to blame in 81% of hacking-related breaches.


Types of Password Attacks

  • Brute Force – An attack method in which the hacker tries various combinations of user names and passwords repeatedly until they are able to login. This can be done either manually or by using an automated software.
  • Keylogging – A type of spyware that logs your keystrokes and where you type them. The information is then analyzed by a hacker to determine passwords and other data.
  • Phishing – An email technique used to trick employees into providing sensitive information such as login credentials. (Read more about phishing by clicking here.)


Password DOs and DON’Ts

Having a hard to crack password is the first line of defense against data breaches. But even with all the widely-known risks involved in weak passwords, people still use the most common offenders. According to SplashData, the top 5 worst passwords of 2017 were:






Businesses need to implement good password policies so employees don’t leave the organization susceptible to cyber attacks.  Below is a list of DOs and DON’Ts to consider.



Use passphrases Use dictionary words
Use a mix of upper and lowercase letters, numbers and characters Use personal info like names, birthdays, addresses or phone numbers
Have at least 8 characters Use the same password for more than 90 days
Use a different password for every account Share your passwords with coworkers
Use a password management application Store passwords in unprotected digital documents or written down in plain sight


Two-Factor Authentication

Two-Factor Authentication (2FA) adds another layer of password protection by making users go through an additional step before being able to log in. This provides another form of evidence that you are who you say you are, typically by entering a security code or pin that is sent to you via email, mobile text message or phone call. 2FA makes it harder for attackers to login to your account because they would also have to have access to your email account or another device to provide the code. And the security codes are usually only valid for a short amount of time and can only be used once.


Other Best Practices to Consider

Aside from having strong passwords and using multiple forms of verification, organizations can still be at risk. When employees resign or are terminated, it is best to deactivate their user accounts and disable any access they may have to the network (including wireless) right away. This will help safeguard your business against disgruntled employees who may have been let go and are looking for vengeance.

If you use an external IT Service Provider to support your business, another thing to consider is what their password policies are.  Does the provider use the same administrator username and password for all of their clients? Does the administrator account password get changed when their technicians leave? Do they store any passwords pertaining to your business in a password management system or secure file?


Texas Systems Group has multiple safeguards in place to protect our BrightStar Managed Service clients’ passwords. Two-factor authentication, a password management system and tight security policies ensure that your passwords are secure and help deflect cybercriminals from hacking your user accounts. To find out more information, contact us.