WYSE Travel Confederation | wysetc.org
Password policies and authentication: Moving beyond ‘123456’
WYSE News | July 18, 2025
Because the only thing worse than a bad password is reusing it everywhere.

We all know passwords are important, but we also know they’re a pain. That’s why so many people still use things like password1 or CompanyName2023! across everything.

The problem? Hackers love these habits. In fact, “password spraying” (trying a few common passwords on many accounts) is one of the easiest and most effective cyber attacks out there.

Let’s fix that – without making everyone’s life miserable.

The state of passwords today (it’s not pretty)

Here are the most common problems:

  • Passwords that are too short or predictable
  • Using the same password across multiple systems
  • Sharing passwords via email or messaging apps
  • Writing them down, especially on Post-it notes

None of this is new. But it’s still happening – in companies big and small.

The fix: smarter, simpler security

  1. Enforce strong passwords
    Ask: “Do we have rules in place to stop weak passwords?” 

    • Aim for long, complex, and unique passwords.
    • Ban known bad ones like “qwerty” or “admin123.”
  2. Use a password manager
    Ask: “Do we offer staff a secure tool to store and generate passwords?” 

    • These tools take the pain out of remembering dozens of logins.
  3. Stop sharing passwords
    Ask: “Have we trained people not to share passwords – and offered alternatives?” 

    • If multiple people need access, use shared credentials managed securely, or proper user roles.
  4. Require Multi-Factor Authentication (MFA)
    Ask: “Is MFA enabled for all important systems?” 

    • MFA is your safety net when passwords fail. It adds a second step (like a phone prompt or code), making it much harder for intruders to get in.
  5. Review and clean up old accounts
    Ask: “How often do we audit accounts – and remove ones that aren’t used?” 

    • Dormant accounts are a hacker’s dream. They’re often overlooked but still have access.
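
An added example, not part of the original article: a minimal sketch of the check behind step 1, run when a user sets or changes a password. It rejects short passwords, deny-listed ones, and predictable variants such as a common word or the organisation's name followed by a year. The minimum length, the deny-list contents and the function names are assumptions made for illustration.

```python
import re

# Constructed sample deny-list; production use would load a large breached-password list.
BANNED = {"123456", "password", "password1", "qwerty", "admin", "admin123", "letmein"}
MIN_LENGTH = 14  # assumed policy value, not stated in the article
# Undo common character substitutions: @/4 -> a, 0 -> o, 1/! -> i, 3 -> e, $/5 -> s
LEET = str.maketrans("@401!3$5", "aaoiiess")


def stem(password):
    """Lower-case, drop trailing digits/symbols, then undo substitutions."""
    core = re.sub(r"[^a-z]+$", "", password.lower())
    return core.translate(LEET)


def policy_violations(password, org_names=()):
    """Return the list of policy rules the candidate password breaks."""
    issues = []
    lowered, core = password.lower(), stem(password)
    if len(password) < MIN_LENGTH:
        issues.append("too_short")
    # Check both the raw value and its stem, so "P@ssw0rd2024!!" is caught too.
    if lowered in BANNED or core in BANNED:
        issues.append("banned")
    # Organisation names are compared letters-only, so "Company Name" matches "companyname".
    names = [re.sub(r"[^a-z]", "", n.lower()) for n in org_names]
    if any(n and n in core for n in names):
        issues.append("contains_org_name")
    if len(set(lowered)) < 5:
        issues.append("low_variety")
    return issues


if __name__ == "__main__":
    samples = ["password1", "CompanyName2023!", "P@ssw0rd2024!!", "copper-lantern-orbit-47"]
    for candidate in samples:  # constructed sample inputs
        print(candidate, policy_violations(candidate, org_names=["CompanyName"]))
```

An empty list means the candidate passed every rule; it does not mean the password is unique to this system, which is why a password manager and MFA remain on the list.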

Passwords in plain English: What to tell your team

  • Don’t reuse passwords across systems.
  • Don’t share your password with anyone – not even IT.
  • Use a password manager, not a notebook.
  • If you think your password has been compromised, change it immediately and report it.

Leadership’s role

Lead by example. If you use weak passwords or resist MFA, others will follow. Support the use of password managers. Fund the right tools. And don’t roll your eyes when the IT team pushes a new policy — they’re trying to protect the business.

In short…

Passwords aren’t going away, but the way we manage them must change. With a few practical steps and a bit of leadership support, you can turn one of your biggest security weaknesses into a strength.

Because the only thing more frustrating than remembering passwords… is explaining to the board why you didn’t secure them.

We are pleased to offer WYSE Travel Confederation members these options to increase your cybersecurity and protect your organisation’s data.