Why Password Policies aren't Enough

Date Published
Feb 22, 2018 3:55:40 PM

No matter how much training your users have received regarding cyber-security, it has been proven time and time again that they are the biggest threat to your cyber defense. Users are not good at choosing passwords. The most commonly used password of 2017, "123456", has now held the number one position for four consecutive years.

In an effort to combat this, many companies now require passwords to include numbers, capital letters, special characters (!@#$%^&*), and more to "secure" them. Because it is harder for users to remember these passwords than their previous password of a birthday, dog's name, or favorite sports team, they usually do one of two things:

1. Record their passwords on their computer so they can pull them up when necessary.

2. Use the newly created password universally for all of their accounts.

Both of these practices are dangerous and really show that no matter what password policy you have in place, it isn't enough.

Two in every five people have a password stolen from them each year. 54% of users have five or fewer passwords across their entire life. 21% of people use passwords that are over 10 years old. Needless to say, if your password gets stolen, you could be in big trouble.

If you've recently faced a cyber attack and been given the advice of implementing a password policy, just know that it is not enough. Complex passwords have their place, but don't assume they are a catch-all when it comes to cyber-security. Enter layered internet security...

Introducing Layered Internet Security

Users are facing cyber attacks from all vantage points, including phishing, smart technology, network attacks, mobile devices, malware/ransomware, and more. Protection from these attacks demands layered security. Layered security is the process of protecting your assets at every layer of technology. For example, a layered cyber-security system would include a firewall, endpoint protection, mobile protection, anti-virus, and more.

Organizations must continue to take proactive steps to prevent cyber attacks, such as education and policies for things like passwords, but they must assume and prepare for the worst. There is only so much you can do to prevent a cyber-attack, which is why it is necessary to have defenses in place to protect your assets in the event of a cyber breach.
