The Problem With Passwords

One of the earliest forms of internet and software security is using passwords. However, in the current environment, when cybercrime is on the rise and hackers are starting to apply machine learning, passwords just aren’t enough of a defense for businesses. Here are four reasons passwords are problematic.

Employees Reuse the Same Passwords

Over 70% of employees reuse passwords at work, according to a Data Breach Investigation Report from Verizon. So, suppose a hacker manages to get hold of an employee’s credentials for one app, maybe an app that doesn’t contain important information; they are likely to be able to access other apps, possibly ones with sensitive data. Additionally, most people use the same passwords for personal and professional accounts. Therefore, if a hacker gets an employee’s Facebook or LinkedIn password, they will likely gain access to business credentials. 

Employees Use Simple Passwords

In addition to reusing passwords, people often choose simple or easy passwords for hackers to guess. This is because many people have trouble remembering multiple passwords. But it only takes one wrong password for a hacker to infiltrate your network. 

Employees Fail to Safeguard Their Passwords

Even when people choose stronger passwords, they frequently store them in dangerous locations. You would be surprised at how many employees and even managers enter passwords into notes on their phones, documents saved on their computers, or worse, scribble them on post-it notes in their workspace. As a result, your organization’s security is at risk if a cybercriminal or a disgruntled worker accesses an employee’s phone, computer, or walks by their desk. 

Phishing Attacks

There are numerous ways for hackers to exploit passwords, and phishing attacks are, without a doubt, the most common. Phishing is when a hacker targets a user with fraudulent emails, impersonation attempts, and social engineering to try and trick them into clicking on malicious links, sharing account details, or making fraudulent payments. Unfortunately, phishing attacks are not only becoming more frequent, but they’re also more sophisticated than ever.

Fortunately, at GTS, we offer protection against these types of attacks. A simulated phishing attack is the easiest technique to see if your staff members can recognize a phishing attempt. Our email security experts at GTS can create a phishing scam that appears legitimate, deliver it to your workers, and get feedback. Who clicked on the questionable link, and who was aware to delete and report the email immediately? We can suggest additional security measures and training to you once we learn how your team responds to a phishing attempt. Installing a secure email gateway like GTS PhishGuard will also help your organization defend against phishing attacks. This application is so laser-focused on phishing scams that it will even remove emails from your team’s inboxes if one is determined to be a threat. Threats to password security are constantly evolving as hackers create increasingly complex ways to access your data.

At GTS, we are happy to collaborate with you to find potential vulnerabilities in your defenses and set up security measures to secure your organization. To learn more give us a call at 904-606-6011 or email


Paul May