Despite advancements in security technology, many individuals and organizations continue to use weak passwords and to reuse passwords, contributing to a thriving market for stolen credentials.
Here are just a few of the issues:
- The most common authentication methods, such as username and password and mobile SMS-based authentication, are highly susceptible to phishing attacks. A significant percentage of employees did not receive instructions to secure their work accounts with more than just a username and password when they first started at their organizations.
- Multifactor authentication (MFA) and the use of passwords are the most used fraud prevention methods. However, physical analytics, PINs sent to mobile devices, and behavioral analytics evoke a higher sense of security among consumers.
- Many individuals still rely on memory or pen and paper for password management. A large percentage of respondents globally reuse passwords across multiple accounts and use personal information in their credentials, which is publicly accessible on social media and online forums.
- A significant number of global users have experienced security breaches or data loss because of their password habits. There is a critical need for enhanced awareness and education about better cybersecurity habits at home and work.
https://www.helpnetsecurity.com/2024/10/01/weak-password-practices/
Commentary
Same song and dance . . . employees are not protecting their work accounts, but not all the fault rests on the shoulders of employees.
Employers need to bear some of the burden to make certain that their employees protect their work accounts.
The above source highlights that the most common authentication methods, such as username and password and mobile SMS-based authentication, are highly susceptible to phishing attacks.
This vulnerability makes it easier for cybercriminals to gain unauthorized access to sensitive information and systems. Therefore, employers have a vested interest in making certain that employees harden the credential security of their work accounts.
Additionally, according to the source, many individuals still rely on memory or pen and paper for password management, which increases the risk of password reuse and the use of weak passwords. This practice makes it easier for attackers to exploit these weak credentials across multiple accounts, leading to a higher likelihood of security breaches.
Employers should recognize the critical need for enhanced security measures to protect against these threats. By instructing employees to use multifactor authentication (MFA) and other advanced security methods, organizations can significantly reduce the risk of unauthorized access and data breaches. MFA, for example, adds an extra layer of security by requiring users to provide additional verification, such as a fingerprint or a one-time code sent to a mobile device, making it much harder for attackers to compromise accounts.
Employers should also consider enterprise password management for all employees. This would help reduce the risk of weak credentials across multiple work accounts.
The final takeaway is that employees do not start work with solid data hygiene practices, including credential security practices. It is up to employers to create standards and policies that mandate those practices.