Poor Password Security: Hackers Already Have Your Passwords

Author: Craig Pollack | Date: Nov 25, 2021 | Topics: Cybersecurity

What if you were told protecting your online accounts was virtually impossible in today’s cybercrime environment? According to Experian’s Data Breach Industry Forecast, “Weak or stolen credentials continue to top the list of attack vectors, while traditional authentication continually fails to protect against cyberattacks.”

Poor password security is frequently THE major cybersecurity weakness for both businesses and individuals. Many of these password compromises occur because cyber criminals have a variety of attack approaches (hacking to gain user data, using malware and phishing scams, using bots to systematically locate and attack weaknesses in businesses’ cyber defenses), all aimed at gaining access to users’ credentials and other account information. If even just one of these attacks is successful, the attackers essentially hold the keys to the kingdom.

You may ask: “How strong is my password?” If your password makes common mistakes, such as using all lowercase letters, including pet or family members’ names or the word “password,” or leaving out uppercase letters, numbers, or symbols, the answer is “not very.” A strong password is the antithesis of these things: it should contain a mix of lowercase and uppercase letters, numbers, and symbols and, ideally, should lack any words that are found in the dictionary. And we cannot emphasize this enough:

A secure password is one that is NOT used with multiple accounts!
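The checks described above can be run over a set of accounts. The following is an added example, not part of the original article; the sample vault, the short word list, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data (account -> password); not real credentials.
SAMPLE_VAULT = {
    "email": "rover2015",
    "bank": "Password1!",
    "crm": "rover2015",
    "vpn": "q7#Lw9!xTz2&",
}
# Tiny stand-in list; a real audit would load a full dictionary plus pet and family names.
WORDS = {"password", "rover", "summer", "welcome"}

CLASS_CHECKS = [
    ("no lowercase letter", r"[a-z]"),
    ("no uppercase letter", r"[A-Z]"),
    ("no number", r"[0-9]"),
    ("no symbol", r"[^A-Za-z0-9]"),
]

def weaknesses(password, words=WORDS):
    """List which of the article's named mistakes a single password makes."""
    found = [label for label, pattern in CLASS_CHECKS if not re.search(pattern, password)]
    hits = sorted(w for w in words if w in password.lower())
    if hits:
        found.append("contains word: " + ", ".join(hits))
    return found

def reused(vault):
    """Return groups of accounts that share the same password."""
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[password].append(account)
    return [sorted(accts) for accts in groups.values() if len(accts) > 1]

def audit(vault):
    """Map each account to its findings, including reuse across accounts."""
    report = {account: weaknesses(pw) for account, pw in vault.items()}
    for group in reused(vault):
        for account in group:
            others = [a for a in group if a != account]
            report[account].append("reused with: " + ", ".join(others))
    return report

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_VAULT).items():
        print(account, "->", findings or "ok")
```

Note that "Password1!" passes every character-class check and is flagged only by the word list, and that reuse is invisible when each password is judged on its own.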

The importance of cybersecurity can’t be overstated; it underpins the best approach to preventing cyber crime. Our best advice is to act as though hackers already have your password. The reality is that many of them already do.

As a Managed Security Service Provider (MSSP), we understand the challenges and threats businesses face in this increasingly dangerous digital world. To help keep your business and credentials as safe as possible, here are a few of the things you can do to increase the strength of your cyber defense.


The Dark Web is a part of the internet that can't be accessed via our standard browsers. And this is where hackers live.

Dark Web monitoring is a great way to know if and when your credentials are available and being sold or bartered there. While there’s not a lot you can do once they’re there, knowing which credentials have appeared, and when, gives you the information you need to stay ahead of the hackers.

For example, when we perform a Dark Web scan, we search that shadowy area on behalf of our clients to determine whether their information is there. This service is part of our Managed Security Services suite. While it is one of the newest tools in our toolkit, we're finding that it is also one of the greatest ways to stay ahead of the hackers.

Use Two Factor Authentication (2FA)

Don’t leave the safety of your organization and its data to the protection of basic password security alone. Two factor authentication (2FA), also known as dual factor authentication, is a type of multifactor authentication and an incredible cyber protection tool.

This two-step verification process is a security protocol that adds an extra layer of security to any basic virtual platform. It requires two out of three components (or “factors”) of identity verification that confirm you are who you say you are — something you know (like a password, catchphrase, favorite ice cream), something you have (such as a verified mobile device, generated code, or security token), or something you are (a biometric identifier, such as a fingerprint, facial scan, or retinal scan).

Without a doubt, adding 2FA to all of your logins (including your local network) is one of the strongest ways to ensure that no one can access your information without your authorization.  
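As an added illustration (not from the original article), here is a login check that requires both something you know (a password) and something you have (a time-based generated code, per RFC 6238). The user record, the function names, and the PBKDF2 iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time code (HMAC-SHA1) for the window containing `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash so the stored value is costly to guess offline."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

# Constructed user record; the secret is the RFC 6238 test key, not a real enrollment.
USER = {
    "salt": b"constructed-salt",
    "pw_hash": hash_password("q7#Lw9!xTz2&", b"constructed-salt"),
    "totp_secret": b"12345678901234567890",
}

def verify_login(user, password, code, now, window=1, step=30):
    """Require BOTH factors; accept codes from +/- `window` steps for clock drift."""
    knows = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    has = False
    for drift in range(-window, window + 1):
        expected = totp(user["totp_secret"], now + drift * step, step)
        has |= hmac.compare_digest(expected.encode(), code.encode())
    # One boolean for the caller: do not reveal which factor failed.
    return knows and has

if __name__ == "__main__":
    now = 59  # constructed clock value matching the RFC 6238 test vector
    print(verify_login(USER, "q7#Lw9!xTz2&", totp(USER["totp_secret"], now), now))
    print(verify_login(USER, "q7#Lw9!xTz2&", "000000", now))  # stolen password alone fails
```

A production verifier would also record the last accepted time step so that a code cannot be replayed within its validity window.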

Implement Cyber Awareness Training Across the Board

In addition to 2FA, one of the best cyber defenses is having a solid human offense. What I mean by this is the idea of building a “human firewall” — which entails the use of a cybersecurity user awareness training program (in conjunction with other cyber security initiatives).

This form of training aims to help end users increase their knowledge about cyber threats and best practices so they can identify potential threats and know how to respond accordingly.

When it comes to building a human firewall, there are four components:

  1. Performing Baseline Testing. This step uses simulated phishing attacks to gauge a baseline level of how vulnerable your business is concerning your employees’ cyber prowess.
  2. Training All Users. Cybersecurity training needs to be mandatory for everyone from the frontline employee all the way to the CEO. Training needs to provide current, engaging, interactive, and on-demand content that includes common scenario-based traps, exercises, and hacking demonstrations.
  3. Phishing All Users. Systematically test your users on a regular basis with automated and ongoing simulated phishing attacks. This helps to keep password security and cybersecurity hygiene top of mind for your employees at every level.
  4. Managing by Results. This last step is important because you use it to assess and fine tune your processes and training offerings based on the new information you receive.


As an IT security service provider with over 30 years of serving the greater Los Angeles area, we've seen a lot of things over the years. And more and more of what we're seeing these days as it relates to security hacks, breaches, and threats is, unfortunately, the result of too many businesses NOT taking cybersecurity seriously enough. Again, just a few of these simple things can take your technology from being a target to being secure.

While cybercriminals are becoming more and more ingenious in their approach, simply tightening up your basic security controls, like strong passwords, can make all the difference in protecting yourself in this digital world. Remember, act like the hackers already have your passwords. Because in many cases, they already do.

If you don't know where your business stands concerning its cybersecurity stance and password security to prevent future attacks, please download our free Cybersecurity Report Card to help you evaluate this by clicking on the link below.

Has your business fallen prey to cybersecurity attacks? What other recommendations might you have about ways to increase password security? Share your thoughts in the comments section below or feel free to let me know if you'd like to chat about this in more detail.



Craig Pollack


Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.