Passwords and People: The Secret Weapon Against Cybercriminals (2023)

Editor's note: We earn commissions through affiliate links on Forbes Advisor. Commissions do not affect our editors' opinions and ratings.

Passwords and people remain the easiest targets for cybercriminals. According to the 2021 Verizon Data Breach Investigations Report, 61% of breaches involved credentials and 85% involved a human element.

While many believe these statistics make people and credentials the weakest link in cybersecurity, maintaining password hygiene and empowering people to prevent cyber incidents may prove to be the best defense against cybercrime.

By incorporating password hygiene standards and security awareness training into your cybersecurity strategy, employees will have the right tools to change these statistics and become another line of defense in your organization's security stack.

Credentials falling into the wrong hands can be disastrous, but keeping track of your logins for all your different online services can be a pain. If you're looking for a convenient, affordable and secure solution to your password problems, check out our guide to the best password managers on the market.


A Human-Centric Approach to Password Security

Even with the best tools and security, no password policy is complete without proper training. No matter how small the responsibility, everyone has a role to play in keeping your organization and customer data safe.

When personnel are adequately prepared to fulfill their individual cybersecurity responsibilities, they become a valuable asset to an organization's security strategy. Cybersecurity awareness training is more accessible and understandable than ever, and IT and security administrators have all the tools they need to play their part in the cyber defense strategy.

Cybersecurity awareness training becomes more involved once you account for the different job roles across the organization. Finance teams need to be alert to fraudulent wire-transfer requests; executives are prime targets for spear phishing and business email compromise (BEC); and everyone in the organization should be able to recognize credential-phishing attempts.

What is good password hygiene?

Password hygiene is a set of guidelines and policies that, implemented correctly, help protect your passwords from cybercriminals. More specifically, it is the practice of making passwords unique, difficult to guess, and difficult to crack. Good password hygiene includes choosing long, hard-to-guess passwords, using a unique password for every account, and never sharing passwords.

When it comes to password hygiene, there is a lot to explain. These guidelines seem simple in theory but are hard to follow without the help of a password manager. After all, how can you expect anyone to remember dozens of unique passwords, each subject to different complexity rules and expiration dates? The truth is, you can't, and neither can your employees.

For example, a password manager such as Norton Password Manager or Dashlane takes human error out of password hygiene. With a password manager, your employees can generate and store unique, complex passwords, reducing the risk of credential reuse and theft.

Good password hygiene also includes using multi-factor authentication (MFA). Authentication factors fall into categories, and a password is something you know. Adding a second factor ties the login to something you have, such as a one-time code from an authenticator app or a hardware security key (or, weaker, a code sent to your phone by SMS). An attacker then needs both the account holder's password and the current code to authenticate. Note that one-time codes can still be relayed by a real-time phishing page; phishing-resistant methods such as FIDO2/WebAuthn security keys close that gap.

Multi-factor authentication is now common in business applications and has been an industry standard for years.

Why is this important?

Passwords were once a security solution, but they have become a security risk. In many cases, organizations fall victim to cyber incidents simply because employees reuse at work the same passwords they use for streaming services at home.

Attackers are well aware of this, which is why most breaches involve stolen or misused credentials. Some of the highest-profile data breaches in recent years stemmed from credential stuffing, in which attackers replay username and password pairs stolen in earlier, unrelated breaches against other services, betting on password reuse, to gain access to systems and impersonate employees.

Passwords are the front line of defense against cyber incidents. If your passwords are weak, your company's security is at risk, and without security controls there is no accountability for improving password hygiene.

As with most cybersecurity measures, the answer to the question "why does it matter?" ultimately boils down to reducing the risk of a cyber incident. With tight budgets, addressing the most immediate risks first is essential, and it's hard to find a more cost-effective security measure than a strong password policy.

How Good Password Hygiene Can Protect Your Business

Good password hygiene protects your business the way any security control does: it reduces the risk of a cyber incident and saves your organization significant time and money in incident response.

In recent years, cybercriminals have shifted from targeting vulnerabilities in hardware and software to targeting people, whom they see as the weakest link in security systems. When managing passwords, people take shortcuts, such as changing a character or two in a just-expired password or using the same password across multiple accounts. (The first habit is one reason current NIST guidance, SP 800-63B, drops mandatory periodic rotation in favor of screening new passwords against breached-password lists.) Human memory is not as reliable as a computer's, and that poses a serious security risk.

Good password hygiene can prevent these risks by eliminating weak and reused passwords. With a password manager, your organization's security will no longer depend on your employees' memories. By adding multi-factor authentication, you can treat passwords and people as assets to your organization's cybersecurity program.
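As an added illustration of the hygiene rules defined above and the shortcuts just described (this is example code, not from the article or any vendor product): a password-change check that rejects short passwords, passwords found in a breached-password list, and trivial edits of the previous password. The breached list and the sample passwords are constructed for the example; a production check would query Have I Been Pwned's k-anonymity range API or a local copy of its SHA-1 hash set instead of the inline list.

```python
import hashlib

MIN_LENGTH = 12   # length matters more than character classes
MAX_EDITS = 2     # "Summer2023!" -> "Summer2024!" is an edit distance of 1

# Constructed stand-in for a breached-password corpus (example data only). Like the
# Have I Been Pwned data set it stores SHA-1 digests, never plaintext.
_BREACHED_PLAINTEXTS = ["password123", "Summer2023!", "letmein", "Welcome1"]
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper() for p in _BREACHED_PLAINTEXTS}


def is_breached(password: str) -> bool:
    """True if the password's SHA-1 digest appears in the breached-hash set."""
    return hashlib.sha1(password.encode()).hexdigest().upper() in BREACHED_SHA1


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trivial_variant(new: str, old: str, max_edits: int = MAX_EDITS) -> bool:
    """Catch the 'change a character or two' and 'append a suffix' shortcuts.
    Compared case-insensitively so Password1 -> password2 is still caught."""
    new_l, old_l = new.lower(), old.lower()
    return edit_distance(new_l, old_l) <= max_edits or old_l in new_l


def evaluate(new_password: str, previous_password: str = "") -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(new_password) < MIN_LENGTH:
        problems.append("too_short")
    if is_breached(new_password):
        problems.append("breached")
    if previous_password and is_trivial_variant(new_password, previous_password):
        problems.append("similar_to_previous")
    return problems


if __name__ == "__main__":
    samples = [("Summer2024!", "Summer2023!"), ("correct horse battery staple", "Summer2023!")]
    for new, old in samples:
        print(f"{new!r}: {evaluate(new, old) or 'OK'}")
```

The checks run at password-change time, where the plaintext is necessarily available; the SHA-1 comparison is only a lookup key into the breach corpus, not a way of storing the password.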

How to start

The first step in password hygiene is having a policy. Just as there are standards for password length and complexity, there must be standards for storing and managing credentials. First, choose password management software that meets your needs. Try not to sacrifice too much convenience for security; inconvenience is the usual cause of password reuse.

A good password manager should be easy to use and offer strong encryption. Many solutions have browser plugins that enable password autofill, strong password generators, and cross-platform synchronization. Decide which features are most important to you, then create policies for your employees.

After selecting and rolling out a password manager, enable multi-factor authentication wherever it is supported. Authenticator apps that produce a new time-based one-time code every 30 seconds (TOTP, RFC 6238; the code is derived from a shared secret and the current time, not chosen at random) are a large step up from SMS codes, and phishing-resistant hardware security keys are stronger still. Once setup is complete, your first task should be to write a good set of instructions for employees. This may be their first experience with MFA, so walk them through enrollment and explain why it matters.

The bottom line

The most important piece of the puzzle is buy-in and training across your organization. You can enforce any policy, but if your employees can't or don't know how to follow it, they won't. Once you've decided to adopt a strong password policy and multi-factor authentication, communicate it to your company in terms they understand. While this may add a step or two to the login process, the right password management tools can improve both login convenience and your organization's security posture.


Article information

Author: Foster Heidenreich CPA

Last Updated: 07/10/2023
