Password safety is evolving; can your business keep up?

Good password practices can act as your business's first line of defense. They thwart security breach attempts from bad actors. Bad password practices, by contrast, act as an open door for cybercriminals. Still, many of us continue to use them. Let’s put an end to that.

In this article, we discuss the importance of password hygiene. We examine the risk of bad password practices and explore a password-free world. But first, let’s look at our password-protection journey so far.

In this article:

• The evolution of passwords
• Password hygiene
• The risk of bad password practices
• A password-less world
• The future for passwords

We’ve come a long way when it comes to personal cybersecurity. We no longer jot down desktop passwords on sticky pads and leave them on our monitors. We’ve stopped relying on loved ones' birthdays to create memorable pin codes. And we don’t have emails stored in our draft folders containing all our personal data. 

We now choose more complex passwords that don't include dictionary words. We've adopted systems with features like password managers and two-factor authentication (2FA).    

We’ve evolved, but unfortunately, so have cybercriminals. 

While many bad actors still carry out the same old brute-force attacks. Things like: 

• Dictionary attacks. Guessing passwords based on commonly used words or behaviors. This includes using personal information to crack codes.
• Credential stuffing.  The automated injection of stolen credentials into web forms. 
• Hybrid attacks. Using a combination of attack methods. These are used to take advantage of our tendency to reuse old passwords with single-letter or single-number variations. For example, “Password123” becomes “Password1234”.

But now bad actors have become more acquainted with sophisticated security measures. This includes salting and the use of hashing algorithms. Salting is the automated practice of adding random characters to a password. A password is salted before it is run through a hashing algorithm, a function that garbles the password to make it unreadable — almost.

In response, cybercriminals carry out rainbow table attacks. Rainbow table attacks involve developing a database of common passwords to decode passwords that use scrambled data as a form of protection. 

New safety precautions are prompting new methods for attacking. So, how can we ensure the protection of our company, colleagues, and clients from cybercriminals? Many companies rely on password hygiene.

What is password hygiene?

Password hygiene is the practice of creating and managing strong, complex passwords to protect data and systems. Examples of good password hygiene include not sharing passwords and avoiding the archaic actions we mentioned in the opening paragraph.

Before, individual users were responsible for their own good password hygiene.

• The individual had to create (and remember) a long password. This involved using randomized sequences of numbers, letters, and special characters.
• The individual had to ensure they had a unique, strong password for each one of their accounts. 
• The individual had to remember to change these long, strong passwords regularly.

Thankfully, technological advancements, including the features below, have moved this responsibility from the individual to the organization. 

Multi-factor authentication (MFA) is an authentication method that requires a user to provide at least two verification factors to access a device or system. 

And password managers are programs that store and manage passwords for multiple online and local applications.

Both have become commonly accepted safety standards today. That means companies can be more confident about keeping sensitive data and systems safe.

Yet, bad password practices prevail. Cybernews.com reported that in the USA, the most common password in 2024 was “123456.”

 So why go against the status quo of bad password practices? Because bad passwords can lead to cyberattacks. And cyberattacks are an expensive business.

Cyberattacks usually impact businesses in two ways: loss of reputation and loss of earnings. And oftentimes a company suffers fallout in both areas.

Loss of reputation

Many companies claim to provide their clients with a secure service. But if a data breach occurs for these companies, huge reputational damage will follow. 

And almost 81% of company data breaches lead back to bad password practices. That means preventing colleagues from using passwords like “123456” is highly advisable.

Loss of earnings 

USD26 trillion. That’s how much cybercrime is expected to cost globally in 2026. That’s over four times the reported figure in 2021. As the projected figure grows, so does the need for accelerated password practice.

So, what does an accelerated password practice look like? At TeamViewer, it’s a world (almost) completely without passwords. Password-less authentication — the practice of verifying identity without a password — is a safer (and easier) way to defend against cyberattacks in your organization.

TeamViewer’s Single Sign-On (SSO) enables you and your colleagues to securely authenticate multiple applications, systems, and websites using just one set of credentials. 

Simple and straightforward, your organization can set password rules at the company level. This means that your colleagues only have to create one long and strong password.  

A password-less approach can also give you specific control over how individuals and groups access company data and devices. Your company can gain further control by only allowing access at certain times or under certain conditions.  

Using TeamViewer’s Conditional Access, for example, you can ensure access is only granted at certain times, in certain locations, and for certain job roles.

Imagine your business operates large machinery that requires third-party remote support. You don’t want to give just any third-party expert full, unconditional access to your machines at any time. Thankfully, using TeamViewer’s Conditional Access, you don’t have to. Instead, you can give access to a specific expert for a specific time for a specific action. That means that you’ll still have the support you need, all while keeping your system safe and secure.

TeamViewer strengthens its password-less approach with Easy Access. This feature allows you to access managed devices without needing a password. It sets up access so that your user account acts as your password. Bad actors can’t crack a password that doesn’t exist, making your devices even more secure.