July 30, 2014

5 Surefire Ways to Get Your Passwords Stolen


Keeping company data and employee information secure is more important than ever, experts say.

Joe Siegrist, CEO and founder of the password management provider LastPass, said that recent high-profile data breaches, such as those at Target, P.F. Chang's, TJ Maxx and StubHub, should serve as a reminder to businesses that failing to protect customer information can have grave consequences.

"Corporate systems are only as secure as their weakest passwords," Siegrist said. "Businesses stand to lose not only money, but also critical assets and customer trust."

Siegrist said there are several password mistakes employees should avoid:

  • Not tracking passwords: As businesses use such a wide range of tools and services, it can become overwhelming to keep track of each one's username and password. Without a system in place to track each account and who has access to each one, employees usually end up interrupting a co-worker to see if he or she has the info, or calling the IT department to have them reset the password. It's critical that both the employees and company know the sites, tools and services with which they're registered, Siegrist said.
     
  • Not properly storing passwords: Tracking systems — either paper or digital tools, such as a password manager — aren't enough, Siegrist said. Writing down passwords on sticky notes and posting them on monitors, or jotting down a group password on a whiteboard for the office to see, is extremely dangerous, as these are invitations for someone to tamper with secure information, he noted. Even password managers aren't free of danger, as they often don't prompt users for a master password by default, which leaves stored passwords exposed and usable. To be as secure as possible, all passwords and accounts should be logged in one safe place that can be controlled and locked down, Siegrist said.
     
  • Sharing passwords: While many companies might not think twice about having a team of employees share an account, it can cause immense problems if one (or more) of them leaves. If a former employee has access to those accounts, there's a potential for damage to be done either to the brand or to customer data, Siegrist pointed out. Additionally, if information is leaked or customer data is compromised, it may be impossible to track who is responsible if the password has been shared among several employees.
     
  • No personal and work separation: Reusing passwords can cause big problems. When the same password is used on both a personal account and a work account, an "insignificant breach" at an online retailer could lead to a very significant breach of a work account, Siegrist said. Using a unique password for each site can be difficult, but it ultimately helps reduce the risk that work accounts will be compromised.

  • Minimum requirements: The length and complexity — the combination of character types in random sequences — are the most important factors in creating secure passwords, according to Siegrist. Since most password requirements are tedious, employees are primarily concerned with just remembering them. In order to do so, they often default to the bare minimum required. Without tools to help employees create and remember stronger passwords, the minimum is usually all they can handle, Siegrist noted.
     
