The Future of Passwords and Password Management in the Enterprise
January 3, 2019
Passwords have been around for decades now, and they aren’t going away any time soon. And yet, password security best practices have been ignored by many. Too many people and companies are careless with password management, even though they know that a single password in the wrong hands can lead to disastrous consequences.
If you’re overwhelmed by the task of managing dozens, even hundreds, of personal or business passwords securely, or you’ve never had to deal with the aftermath of a hack, you may be tempted to keep your head in the sand and hope for the best. This is your worst possible option.
As recently as mid-2016, Pew Research Center reported that most Americans keep track of their online passwords by memorizing them or writing them down. And if they do this with personal passwords, you can be sure that some of this behavior finds its way into your office environment, where the security risks are amplified.
No surprise again, 123456—possibly the worst password ever—continues to be the most used password for the 5th year in a row.
Other bad password security practices from the 1990s are also alive and well:
- Companies still add computers to their network without changing the default, out-of-the-box password.
- Employees still email passwords to one another.
- Organizations still store passwords in “password protected” Excel spreadsheets (see why that’s a lousy idea), and employees still write sensitive passwords on sticky notes and paste them on their monitors or under their keyboard.
- People still choose the worst passwords ever—Wikipedia publishes SplashData’s “List of the most Common Passwords” every year, and the old favorites are always pretty much the same.
Has anything changed in password management practices?
Thankfully, yes. A lot has changed. Password management tools have become mainstream as more and more individuals and businesses have adopted them. But not nearly enough, as the Pew research suggests.
On a personal level, cyber-aware people have started using secure digital password managers across their devices. They have adopted 2-factor authentication, and have become more cognizant of the benefits of VPNs to further protect their passwords and other information. These individuals are aware of the value of password security and are more likely to practice better cyber hygiene in the workplace too.
On a business level, conscientious companies have installed enterprise-level privileged access management (PAM) software and are enforcing password management best practices across their organizations. PAM software has enabled companies to introduce automation to password management, so passwords can be changed, rotated, and expired on an automated schedule. Plus, passwords can be better managed when an employee leaves the company or when another high-risk event has occurred.
Password use can be tracked and reported on, and employees’ actions can be monitored and recorded as they access the sensitive information protected by company passwords. And PAM software can help companies establish and prove compliance to fulfill their industry’s audit requirements for protecting passwords.
So, what does the future hold for passwords and their security?
Passwords are the staple of secure access to accounts and sensitive information. They will remain so for the foreseeable future, despite advancements in biometric authentication, which simply augments password interactions.