Tuesday, January 24, 2017
Ryan Warrick, Network Infrastructure Consultant

Before you start reading this post, take our short password self-assessment.

  1. Do you have your password written down somewhere on your desk to help you remember it?
  2. Do you use a simple, easy-to-remember password (such as your kid’s name, your pet’s name, or your birthdate)?
  3. Do you use the same password for many websites and applications you access?
  4. Do you share your password with co-workers just to make things easier?
  5. At work, do you save your passwords on your web browser so that you can log in without typing your password?

If you said “yes” to any of these questions (or feel as a supervisor that your employees would answer “yes”), then you’ve got a security risk on your hands.

Why? First, simple passwords are easier to crack. Nowadays, even inexperienced hackers have access to automated password cracking software. This software can crack short, common, and simply constructed passwords with ease.

Second, writing down or sharing passwords with co-workers may give others unauthorized access to data and applications. What if a disgruntled employee sees your password on your desk? What if someone you think is a trusted employee uses the password you share with them to access information they are not authorized to see?

Finally, even saving passwords on your web browser (like you do at home) is not wise when working for a city. All it takes is an unauthorized person sitting at your computer, or a hacker gaining access to your device, to reach sensitive information in the applications that you use.

So, what do you and your employees need to do? Implementing the following best practices will help plug these security gaps.

1. Do not write passwords down and leave them visible.

This is an easy security tip but you need to make sure employees follow it. If they have trouble remembering their passwords, then suggest they write them down on a piece of paper and keep it in their wallet or purse—like how they protect their driver’s license, credit cards, and money from public view.

2. Use a password on all devices.

Employees often use passwords on their desktop computers but it’s easy to forget to set up a password on laptops, tablets, and smartphones. It is perhaps even easier to steal information from mobile devices. A thief or disgruntled employee can steal a smartphone in seconds and quickly gain unauthorized access to city email and applications. Protect all devices with passwords.

3. Do not use simple or obvious passwords.

Instead, use strong passwords such as long passphrases (like “The brown fox is 2fast!”) or complex passwords consisting of a mix of letters, numbers, and special characters. Strong passwords go a long way toward preventing hackers from getting into city applications. And if your password is one of the top 25 worst passwords below (according to SplashData), change it NOW!

4. Do not save passwords to websites and applications.

You may do this at home so that you can easily stay logged into your favorite websites and applications. However, you don’t want to do this at your city. If someone gets access to your device, then they can gain unauthorized access to information without even needing to crack a password. Enforce a policy at your city that employees cannot save passwords on even their most frequently used applications.

5. Change passwords regularly.

Yes, this annoys employees but it helps with security. The longer a password is in use, the more likely that hackers will be able to crack it. The more you change passwords, the more difficult you make a hacker’s job.

6. Do not use the same password for all systems you access.

We know—another annoyance! But think about it. Let’s say an employee uses the same password for five different software applications that give access to confidential information at your city. If a hacker or disgruntled employee gets one password, then they have access to all five applications. Mitigate the chance of a data breach by requiring different passwords for each application.

Cybersecurity continues to evolve. In the future, passwords may go away and get replaced by different forms of authentication. But in the meantime, passwords are here to stay and they often represent a gaping security hole that hackers can exploit. By following the best practices outlined above, you will make your city’s cybersecurity much stronger.

