Protecting your accounts starts with strong password habits. Here's what every team member needs to know and do.
Weak or reused passwords are one of the most common ways attackers gain access to business accounts. Once inside a single account, bad actors can access sensitive data, impersonate employees, and move laterally across systems. A few simple habits eliminate the majority of this risk.
Use a strong, unique password for every account
Never reuse passwords across sites or systems. If one account is breached, reused passwords hand attackers the keys to everything else.
Try a passphrase instead of a password
Four or more random words strung together, like coffee-lamp-river-desk, are longer, harder to crack, and easier to remember than a short jumble of symbols.
Use a password manager
A password manager generates and stores strong, unique passwords for every account, so you only have to remember one master password. Recommended options: Google has one built in.
Never share passwords
Passwords should never be shared via email, text, or chat, not even with IT. Legitimate support staff will never ask for your password.
Change passwords immediately if compromised
If you suspect an account has been accessed or you receive a breach notification, change the password right away and notify IT. And change your passwords EVERYWHERE! If they've gotten into one, they can probably get into any account.
Visit haveibeenpwned.com and enter your email address. This free tool checks whether your email has appeared in any known data breaches. If it has, change the passwords for any affected accounts immediately.
If you're unsure whether an account has been compromised, contact IT. It's always better to ask than to assume everything is fine.