Is your small business properly managing its passwords?

Imagine for a second that you equip your home with a state-of-the-art security system in order to keep out unwanted guests. If a thief so much as opened a window to crawl through, your system would detect their actions and alert authorities.

But despite this advanced security system, you also left your front door unlocked and wide open, so that pretty much anyone could walk right in.

That’s exactly what you’re doing to the IT infrastructure of your business when you don’t properly manage passwords.

So many IT solutions require login credentials, and these are often shared with wide swaths of your company’s workforce. When passwords fall into the wrong hands, or someone manages to hold on to their access even when they shouldn’t have it anymore, you’re essentially handing over the keys to your sensitive information.

This is a painfully simple and easy-to-correct problem, but one that affects many small businesses. Today, we’re going to pick through some common mistakes that small businesses make with their password management practices and steps they can take to more effectively handle this area of cybersecurity.


Common password problems (do any of these sound familiar?)

When it comes to managing passwords and login credentials for various IT solutions at your business, here are some common practices that can actually make you more susceptible to cybersecurity issues.

  • Weak passwords: You might get frustrated when an application forces you to create strong passwords to log in. This might mean including a capital letter, number and symbol. It’s actually important to create sophisticated passwords because they are tougher to guess or even hack. Passwords built from words or phrases that come from your professional or personal life are too easy to guess. Recycling old passwords is also a no-no.
  • Using default passwords: When you set up an IT solution, default login credentials are often used. Many times, these default credentials are never changed, so that solution becomes easily accessible by anyone who might have been trained to use it.
  • Widely sharing passwords: Login credentials should only be accessible to those who need them, not accessible on a company-wide basis.
  • Passwords that are stored on public computers or used on individual devices: To make life easier, most web browsers allow you to store login credentials. If this is done on a computer used by many others, it gives those users easy access. Also, due to a rise in telecommuting and working remotely, many employees might use passwords on their own devices, which may not be secure. Those devices also might be connected to an unsecured public network.

While some of these practices might be convenient and save you time, they’re simply not strong cybersecurity measures. If these are ingrained in the way that your company does business, reexamine how you manage passwords.


Create strong passwords — and secure them

Aside from avoiding the practices above, the following are some ways that you can bring strength and security to your passwords.

  • Use a password manager: This is a tool that not only stores your passwords so you can easily recall them, but also helps you create strong passwords. A password manager is a worthwhile investment for just about any business.
  • Use two-step verification: Two-step verification means that a password alone won’t give a user access. The person trying to sign in must have the password and must then verify their identity through a text message or email prompt.
  • Create long passwords – and don’t change them: Don’t be afraid to use long passwords; long passwords can also be easy to remember. Changing passwords often might seem like a good idea, but it can also make passwords difficult to remember.

Various applications are password protected for a reason. Get a handle on who accesses this information by being mindful of how your business handles passwords.