Password Hygiene

The practice of using strong, unique passwords and handling them carefully to reduce the chance of account compromise. Good password hygiene means choosing passwords that are hard to guess (long and random), not reusing passwords across different accounts, and keeping them secret.

‍

It also includes changing passwords immediately if you suspect they're exposed, and using a password manager to help follow all these rules. Poor password hygiene (like "Summer2023!" used for everything, or sticking passwords on a Post-it note on your monitor) is an open invitation to attackers.

‍

For a small to medium business, improving password hygiene can yield big security gains quickly: require employees to use complex passwords/passphrases, encourage or enforce the use of password managers, and implement policies like not sharing accounts whenever possible. Also, educate staff on dangers such as phishing (which often aims to steal passwords) and credential stuffing attacks (where hackers try lists of stolen passwords on other sites to see if people reused them).

‍

By treating passwords like the keys to personal lockers - all keys different, kept safe, and changed if lost - you make it much harder for an attacker to unlock your accounts.