As we round the bend of winter and head into spring, it’s a good time to remind users of the importance of password complexity. Users need to be reminded that “Winter2020” and “Spring2021” are some of the most used password combinations. These commonly used passwords may still meet the password parameters set by your organization. “Spring2021” meets 3 out of 4 complexity requirements but is still a dangerous password. Using an easy-to-guess password, like the season and year, makes it very simple for an attacker to access systems that could contain sensitive information. Seasons and years are not the only password combinations that are easy to crack. Passwords built on words like a local sports team or the name of a city are just as likely to be compromised.
Alongside the use of seasons, teams, and cities, we also see a lot of users keeping the same password when it’s time to reset and just adding a symbol or number to the end. This should also be discouraged. If a user’s password has been compromised, it would not be difficult for an attacker to regain access to systems by trying the same password with an additional symbol or number.
Using a password filter to exclude certain passwords is a great measure to take for more secure passwords. However, the road to strong passwords can’t stop there! We know that it can be difficult to make sure all users are maintaining safe password practices, but a great place to start is with education! Posting reminders of best password practices and having regular security training will help users be more aware of their password habits. If you’re able, implement a password vault or manager throughout the organization. This will allow users to generate randomized passwords that they don’t have to remember!
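One way to implement the password filter described above, as an added example that is not part of the original post: it rejects season-and-year passwords, local team or city names, and a new password that is just the old one with a symbol or number added to the end. The `LOCAL_WORDS` entries, the function names, and the sample passwords are assumptions constructed for illustration.

```python
import re

SEASONS = {"winter", "spring", "summer", "fall", "autumn"}
# Assumed deny list of local team and city names (constructed placeholders).
LOCAL_WORDS = ("exampleville", "examplehawks")


def complexity_classes(password):
    """Count how many of the four usual character classes are present."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for pattern in classes if re.search(pattern, password))


def core(password):
    """Lowercase, then strip digits and symbols from both ends."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def filter_password(new, old=None):
    """Return rejection reasons; an empty list means the password passes.

    `old` is the current password as typed by the user during a change
    (assumption: the change flow asks for it, so no stored plaintext).
    """
    reasons = []
    base = core(new)
    if base in SEASONS:
        reasons.append("season plus year or symbol")
    if any(word in base for word in LOCAL_WORDS):
        reasons.append("local team or city name")
    if old is not None and base and base == core(old):
        reasons.append("old password with a changed suffix")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords.
    print(complexity_classes("Spring2021"), filter_password("Spring2021"))
    print(filter_password("Harbor!Light7!", old="Harbor!Light7"))
    print(filter_password("plum-Radio-cactus-41"))
```

“Spring2021” scores 3 of 4 on the complexity count yet is still rejected, which is the gap between complexity rules and a filter that the post describes.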