New Year’s resolutions for boosting password security

The new year is always a great time to reflect on the past 12 months and take a look at what your business can improve on for the future. One area to focus on is cybersecurity, and that includes making sure that your passwords are as secure as possible. Having weak passwords leaves your online accounts and data vulnerable to cyberattacks, so bolstering your password security should be a top priority for 2023.

Here are seven simple New Year’s resolutions that your business can adopt to strengthen your password security:

1. Create a password policy and educate employees

Establishing a password policy and reminding employees to be mindful of their passwords is the foundation for all other measures. Make sure employees understand why it’s important to use strong passwords, how to create them, and other best practices such as not reusing the same password for multiple accounts. Updating your policy on a regular basis to reflect the changing security landscape will also help keep your business secure.

2. Use a password manager

Password managers are invaluable for creating and storing passwords, especially when it comes to business accounts. These tools generate unique and complex passwords, keep them in an encrypted database, and can even auto-fill login forms for added convenience and security. While there are plenty of free password managers available online, investing in a premium service with more advanced security and support can give you some peace of mind.

3. Change default passwords

When setting up new hardware and software, don’t leave the preset passwords as they are. These passwords are typically generic and easy to guess, and they're often publicly available on the internet. Hackers can simply look up the default passwords for certain products and gain access to your system, so change them as soon as possible. This is especially important for admin accounts and for any connected devices, such as routers and webcams.

4. Implement multifactor authentication (MFA)

MFA is one of the most effective methods for protecting accounts and data. Rather than relying solely on a single password, MFA requires users to authenticate their identity with two or more different factors, such as a physical device, biometric data, or a code sent to the user’s phone or email. This ensures that even if a hacker obtains the user’s password, they will still need access to the additional authentication element before they can successfully log in.

5. Conduct password audits

Password audits reveal any weak or reused passwords and can alert you to suspicious activity, such as frequent failed login attempts. These audits can also provide insight into how well employees are following your company’s password policy and whether any further training or enforcement is needed.

6. Activate account lockout policies

Account lockout policies set limits on the number of failed login attempts allowed before access to the account is disabled. This prevents brute force attacks, where hackers attempt to guess passwords by trying different combinations until one works. Setting a reasonable limit, such as 5 or 10 failed attempts, is a good way to protect your accounts without making it too difficult for legitimate users to log in.
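
The lockout rule described above, together with the failed-login signal from resolution 5, as an added example that is not part of the original article: it replays constructed login events against a threshold of 5 failed attempts. The 15-minute counting window, the 30-minute lockout duration, the log format and the function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                    # failed attempts allowed (the article suggests 5 or 10)
WINDOW = timedelta(minutes=15)   # assumption: only failures this recent are counted
LOCKOUT = timedelta(minutes=30)  # assumption: how long a locked account stays disabled
SAMPLE_LOG = """\
2023-01-09T08:00:00 alice FAIL
2023-01-09T08:00:20 alice FAIL
2023-01-09T08:00:40 alice FAIL
2023-01-09T08:01:00 alice OK
2023-01-09T08:05:00 alice FAIL
2023-01-09T08:05:10 alice FAIL
2023-01-09T09:00:00 bob FAIL
2023-01-09T09:00:05 bob FAIL
2023-01-09T09:00:10 bob FAIL
2023-01-09T09:00:15 bob FAIL
2023-01-09T09:00:20 bob FAIL
2023-01-09T09:10:00 bob OK
2023-01-09T09:40:00 bob OK
"""  # constructed sample events ("timestamp account outcome"), not real log data

def replay(log_text, threshold=THRESHOLD, window=WINDOW, lockout=LOCKOUT):
    """Apply the lockout policy to each event; return (timestamp, account, decision) tuples."""
    failures = defaultdict(deque)  # account -> timestamps of recent failed attempts
    locked_until = {}              # account -> time at which the lockout expires
    decisions = []
    for line in log_text.strip().splitlines():
        stamp, account, outcome = line.split()
        now = datetime.fromisoformat(stamp)
        recent = failures[account]
        while recent and now - recent[0] > window:
            recent.popleft()       # failures older than the window no longer count
        if locked_until.get(account, datetime.min) > now:
            decision = "rejected-locked"  # refused even if the password was right
        elif outcome == "OK":
            recent.clear()         # a successful login resets the counter
            decision = "allowed"
        else:
            recent.append(now)
            decision = "locked" if len(recent) >= threshold else "failed"
            if decision == "locked":
                locked_until[account] = now + lockout
                recent.clear()     # start from zero once the lockout expires
        decisions.append((stamp, account, decision))
    return decisions

def locked_accounts(decisions):    # accounts to follow up on in a password audit
    return sorted({account for _, account, decision in decisions if decision == "locked"})
```

In the sample, alice is never locked out because her successful login resets the counter, while bob's correct password at 09:10 is still refused until the lockout expires.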

7. Monitor for compromised passwords

Using an identity and access management (IAM) solution with a real-time password breach detection feature can enable you to stay one step ahead of hackers. This feature compares user passwords against known compromised credentials, and if a match is found, the IAM system will automatically alert you so that you can reset the password and take immediate action to protect your data.

These best practices are a great place to start when it comes to protecting your business from the risks associated with weak passwords. For more tips on improving your cybersecurity, get in touch with our experts at NetQuest.

