Monday, September 25, 2023
HomeProtectPasswords Shouldn’t Be as Easy as 1-2-3-4 

Passwords Shouldn’t Be as Easy as 1-2-3-4 

This is the latest installment of our Cybersecurity Awareness Month series of blog articles designed to give you helpful tips and best practices to keep your data safe from harm. Previous editions:

Using passwords for our computer systems – both at home and at work – has had a long and checkered history. Ever since the first digital password was used at Massachusetts Institute of Technology in 1960, millions of people around the world have grown accustomed to creating a password to get into many digital systems. It’s become as common as breathing, and by and large many have tried to take shortcuts with their passwords to save time.

Recent studies back this up, and here are some scary statistics to keep in mind:

  • 53% of people rely on their memory to manage their passwords
  • 51% use the same passwords for their work and personal accounts
  • 57% of people who have been scammed in phishing attacks still haven’t changed their passwords
  • 23 million (yes, million) account holders still use the password “123456”
  • The average password has eight characters or less


Given the state of password security and management, it’s not surprising that 90% of internet users are worried their passwords will be hacked. Unfortunately, the reality is that passwords are the entry point into companies’ environments, which host a treasure trove of data and confidential information. Having a plan to make sure passwords are as secure as they can be – and implementing it as part of a more comprehensive information security approach – should be at the top of every IT and security professionals’ to-do lists.

Create Your Password Security To-Do List

  1. Not “if,” but “when:” Start with the assumption that someone’s password will be compromised and prepare your approach accordingly. More than 555 million stolen passwords have appeared on the dark web in the last 5 years.
  2. Encourage unpredictability: Better known as “password entropy,” this is a measurement of how unpredictable (read: harder for a hacker to guess) a password is. Password entropy is based on the character set you use, which can expand by using lowercase letters, uppercase letters, numbers, and symbols.
  3. Monitor and act: Hackers can try thousands, tens of thousands, or even hundreds of thousands of password attempts per second to crack into accounts. Prevent the number of attempts and window of attack by implementing password lockouts and password expiration. Implement reporting and monitoring to detect and lock out suspicious sign-ins.
  4. Implement MFA with passwords: Users face the issue of trying to remember their password, which leads to simple and reused passwords that others may also use. Knowing something is not unique. Implement multi-factor authentication that includes something unique to you – whether it’s something you have (such as a token, authenticator app, or access card) or something you are (such as biometrics). Studies have found that MFA blocks 99.9% of attacks.
  5. Think of password security as one brick in your security wall: Implementing strong password security policies is important, but it’s just one way you can fortify your organization from cyberattacks. Consider implementing firewalls, role-based access controls (RBAC), data loss prevention (DLP) scanning, and virtual local area networks (VLANs) as part of your information security approach.

At AvePoint, we take this approach to secure our information to heart: Our customers should rest assured we adhere to and have been certified against the industry standards for security and privacy, ISO 27001:2013, ISO 27017:2015, Cloud Security Alliance (CSA) Level 2, SOC 2 Type II, FedRAMP and IRAP. We also enable our customers to leverage their Azure Active Directory for authentication with our cloud solutions and Active Directory Federation Services for those using our on-premises solutions. This enables organizations to use their existing password security and management protocols.

For more information on how AvePoint places safety in the hearts of our customers, visit the AvePoint Trust Center.

Subscribe to be notified of the next entry in our Cybersecurity Month showcase.

Henry F.
Henry F.
Henry is an Information Technology Manager at AvePoint.
Alex Varvel
Alex Varvel
Alex works on AvePoint's Information Technology team, specializing in process improvement and automation with a focus in the domains of cybersecurity, compliance and cloud technologies.

More Stories