Employees Still The Weakest Link To Password Protection

September 5, 2022

Reviewing cybersecurity basics is always a smart idea, especially when it comes to passwords. Using unique and strong passwords takes a bit of thought. Yet even knowing how critical password hygiene is to their online security, many people still consider it a chore they can’t be bothered with. With personal accounts, weak or reused passwords present a risk usually limited to the user and the device. But when those users are also employees, bad password habits can be a liability to an entire organization. And since employees are often the first line of defense against hackers, those who fall short on password hygiene put themselves, their co-workers, and their companies at risk.

Ponemon Institute’s The 2019 State of Password and Authentication Security Behaviors Report provides some startling stats about company employees and poor password use at work.

  • 51% reuse passwords across business and personal accounts
  • 2 out of 3 (69%) share passwords with co-workers to access accounts
  • 55% don’t use any form of two-factor authentication (2FA)
  • Weak passwords cost organizations an estimated $5.2 million per year

Using strong passwords sits at the heart of many online security issues, yet it is at odds with human nature’s inclination toward convenience. Taking another look at how to create fortified passwords gives us all some much-needed reminders.

1. Don’t share passwords. Someone, whether a mischievous colleague or a service provider in for the day, may overhear or glimpse your password and could share it with a bad actor, so keep your passwords to yourself.

2. Use different passwords for all accounts. This helps prevent the account takeovers that happen when a user has more than one account using the same password. Hackers “credential stuff” passwords into other accounts, looking to find those using the same password.

3. Don’t use single words or sentences. A single word may be easier to remember, but it also makes it easier for hackers to compromise an account. The same applies to using simple sentences for passwords. Instead, use random words, because a string of unrelated words is difficult to make sense of.

4. Consider using password management tools. They help take the guesswork out of remembering individual passwords if this is a challenge for you. You only need to remember one master password to access all the others. Just consider the risk: If a criminal gets your master password, they have all of your others too.

5. Use multi-factor authentication. Assuming you have the device in your possession, you’ll receive a randomly generated numerical code necessary to complete log-in. The code provides an additional layer of identity confirmation and protection.
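To put numbers on tip 3, the following added example (not part of the original article) compares the guessing effort for a single dictionary word with that for a passphrase of independently chosen random words. The function names, the 32-word sample list and the guess rate are assumptions made for illustration.

```python
import math
import secrets

# Constructed 32-word sample list for this demo. A real generator would load a
# large published list (the EFF long wordlist has 7,776 words).
SAMPLE_WORDS = (
    "anchor basil cobalt dune ember fjord glacier harbor indigo juniper "
    "kettle lantern meadow nectar orbit pebble quartz raven saddle tundra "
    "umber velvet walnut xenon yarrow zephyr acorn bramble cinder dapple "
    "easel fathom"
).split()

SECONDS_PER_YEAR = 365 * 24 * 3600


def entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy when n_words are drawn uniformly and independently from the list."""
    if list_size < 2 or n_words < 1:
        raise ValueError("need at least 2 list entries and 1 word")
    return n_words * math.log2(list_size)


def average_guesses(bits: float) -> float:
    """On average, half of the search space is tried before a hit."""
    return 2 ** (bits - 1)


def years_to_guess(bits: float, guesses_per_second: float) -> float:
    """Average time to guess at an assumed, attacker-dependent guess rate."""
    return average_guesses(bits) / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(words, n_words: int = 5, sep: str = "-") -> str:
    """Pick words with the OS CSPRNG; human-chosen words are not random."""
    unique = sorted(set(words))  # duplicates would skew the distribution
    if len(unique) < 2:
        raise ValueError("word list too small")
    return sep.join(secrets.choice(unique) for _ in range(n_words))


if __name__ == "__main__":
    rate = 1e10  # assumed offline guess rate, for illustration only
    for n in (1, 3, 5):
        bits = entropy_bits(7776, n)
        print(f"{n} word(s): {bits:5.1f} bits, "
              f"~{years_to_guess(bits, rate):.2e} years on average")
    print("sample:", generate_passphrase(SAMPLE_WORDS))
```

The entropy figures hold only when the words are picked by a random generator. A phrase the user invents, or a simple sentence, is far more predictable than the word count suggests.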








