In the CSID study, employees admitted they often used the same password because they were afraid they’d forget one otherwise. However, maintaining one password for many sites increases the risk that a single hack can compromise accounts in multiple locations and devices, including your enterprise’s network.

Even knowing the risks associated with poor password management, many employees in the study said they still felt secure doing so, indicating a lack of education about basic cyber security safety.

Many companies have begun instituting enforced password durations, where passwords automatically expire to reduce the risk of potential information security breaches. Even if your enterprise doesn’t force its employees to change their passwords, they should still do so every 30 to 45 days to reduce vulnerability.

While browsers and apps include the “remember password” option for convenience, it increases the risk for an information security breach. Even worse, you’re more likely to forget a username and password if a website remembers it for you.

Temporary passwords are a great way to provide information security to ad-hoc projects and other short-term scenarios, but misusing them is not. Your employees should be taught that passwords must only be shared with those they trust—and only when absolutely necessary. Most importantly, you must ensure that short-term passwords are just that. Deactivate them as soon as they’re no longer required.

Employee concerns about remembering multiple passwords can easily be solved by using a password management program like Last Pass or Dashlane. These convenient tools let you quickly and easily setup multiple passwords for different accounts.

Although each of these habits has its reasons for existing, breaking them is an important component of establishing true information security protection for your enterprise. Contact us today to request an enterprise risk assessment and vulnerability assessment.