Users continue to utilize "guessable" passwords and reuse those passwords across multiple accounts.

A survey points to one area of weakness:

When looking at the security aspect of onboarding employees, 34% said they did not receive instructions to secure their work accounts with more than just a username and password when they first started at the company they work for. https://www.helpnetsecurity.com/2024/10/01/weak-password-practices/ (Oct. 01, 2024).

Commentary

Weak passwords and/or reuse of passwords (weak or strong) are a data security weak point. 

According to the above source, more than a third of employees do not receive any instructions to secure their work accounts. Developing an on-board routine is an excellent way to fill the gap.

Many new hires possess no data security practices or weak data security practices, which elevate the risk. Organizations must make a point to place everyone on the same page, including new hires, and instill strong data security practices before employees get started.

Onboarding can include review of your organization's data security standards as well as training on data security.

An important training piece is on credentialing. Your organization should make certain your data security training stresses the need for strong passwords and the need to change of passwords routinely, especially after a breach. Make sure employees do not reuse or share passwords. 

Organizations should also take this time to introduce new hires on the importance of using multi-factor authentication.

Other password security steps include:

• Use passwords on every account and device. Never reveal your password by sending it in an email or a text.
• Before entering a password, make certain the website is encrypted. Encrypted web sites have "https" and the lock symbol in the web address.
• Make your password unpredictable with at least 8 to 12 characters. Use a mix of upper- and lower-case letters, numbers, and special characters.
• Avoid using family and pet names, birthdates, numbers in sequence or any other word or phrase that can be discovered through any online search of you or your family.
• Mix words from different languages in your password.
• Use unique passphrases instead of passwords. Passphrases are composed of multiple words, symbols and numbers.
• If one of your passwords is compromised, change all your passwords.
• Do not share passwords with anyone, including coworkers and family members. If you write them down, put them in a secure location or store them with encryption.
• Do not enable the "remember password" feature in applications.
• Change passwords at least every six months or immediately if someone else learns your password.
• If there is a breach of commercial site you use, like a bank or an online vendor, change all of your passwords immediately.
• Remember to log out of your accounts when using a public computer.
• Don't use the same password for multiple accounts.
• Do not type your password if someone is watching you input it.
• If you believe your device is infected with malware or your Wi-Fi is compromised, disconnect from the Internet, have your device screened for malware, and remove any malware immediately.