Passwords are something we all use every day, but they’re still one of the most common ways attackers get into systems. From my day-to-day work securing Ewing Outdoor Supply’s systems and employee accounts, I can tell you that most password-related incidents don’t happen because of advanced hacking.
They happen because of simple, avoidable mistakes.
The good news is that strong password habits don’t require technical expertise—just consistency and the right tools.
The Most Common Password Mistakes I See
The biggest issue I run into is password reuse. When the same password is used across multiple websites or systems, a single breach can quickly turn into many.
Other common problems include:
- Passwords shorter than 12 characters
- Using common words or phrases
- Including personal information like family names, birthdays, addresses, or favorite places
- Referencing well-known movies, teams, or locations
What Actually Makes a Password Secure
A strong password doesn’t need to be memorable; it needs to be long, unique, and random.
Here’s what I recommend:
- Use 12 characters or more
- Avoid real words and personal information
- Use a password generator instead of creating your own
- Store passwords in a password manager, not in a browser or document
If you don’t already use one, a simple place to start is the LastPass password generator.
At Ewing, our password system goes even further. When someone resets a password, it’s checked against known Dark Web databases to make sure it hasn’t already been exposed. We also continuously monitor compromised credentials and automatically lock accounts if a risk is detected. Because of that, we don’t force frequent password changes since security is built into the process.
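The reset-time check described above can be sketched as follows. This is an added example, not Ewing's system or any vendor's code: it assumes a breach corpus queried by the first five hex characters of the password's SHA-1 hash, the range format used by Have I Been Pwned's Pwned Passwords service. The corpus, `local_range_lookup`, and the other function names are constructed for illustration.

```python
import hashlib
from typing import Callable, Dict, List

MIN_LENGTH = 12  # minimum length recommended on this page
# Constructed sample standing in for a breach corpus (password -> times seen).
CONSTRUCTED_BREACHED = {"password123456": 120000, "qwertyuiop1234": 431, "Summer2024!!!": 57}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(breached: Dict[str, int]) -> Dict[str, List[str]]:
    """Index the corpus as 5-char SHA-1 prefix -> ["SUFFIX:COUNT", ...]."""
    index: Dict[str, List[str]] = {}
    for pw, count in breached.items():
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return index


INDEX = build_range_index(CONSTRUCTED_BREACHED)


def local_range_lookup(prefix: str) -> List[str]:
    """Offline stand-in (hypothetical) for a breach-corpus range service."""
    return INDEX.get(prefix, [])


def breach_count(password: str, lookup: Callable[[str], List[str]] = local_range_lookup) -> int:
    """Send only the 5-char hash prefix to the lookup; match the suffix locally."""
    digest = sha1_hex(password)
    for line in lookup(digest[:5]):
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == digest[5:]:
            return int(count)
    return 0


def check_new_password(password: str) -> List[str]:
    """Return the reasons a reset should be rejected; an empty list means accept."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    seen = breach_count(password)
    if seen:
        problems.append(f"found in breach corpus ({seen} times)")
    return problems
```

Because only the hash prefix is passed to the lookup, the full password and its full hash never leave the system performing the check.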
Why Multi-Factor Authentication Is Non-Negotiable
If there’s one control I insist on for anything important, it’s multi-factor authentication (MFA).
MFA requires more than just a password, typically a code from a phone or authentication app. Even if a password is stolen, MFA often stops the attack entirely.
Most modern systems now require MFA as a baseline, and for good reason. Not every platform supports it yet, but when it’s available, it should be enabled. If you don’t want to lose access to something, protect it with MFA.
Phishing: The Easiest Way Passwords Get Stolen
Phishing is still one of the most effective tactics attackers use, and it works because it looks legitimate. My advice is simple: Never click a password reset link unless you personally requested it.
That applies to email, text messages, and pop-ups on any device. If you receive a message saying you need to reset your password, assume it’s phishing. Don’t click the link. Go directly to the website by typing the address into your browser.
This one habit alone can prevent a huge number of compromises.
Do Passwords Still Need to Be Changed Regularly?
The thinking around password changes has evolved.
Long, complex, unique passwords don’t need to be changed as often as people were once told. That said, changing a password never hurts, especially if you suspect an account may be at risk.
What matters far more than frequent changes is:
- Password length and uniqueness
- Using a password manager
- Enabling multi-factor authentication
Keeping Work and Personal Accounts Separate
There’s no truly effortless way to stay secure. It takes some discipline.
One of the best habits you can adopt is keeping work and personal logins separate. Avoid signing into personal accounts on work devices and avoid accessing work systems from personal devices whenever possible. This limits exposure and reduces the impact if one account is compromised.
Recommended Tools for Monitoring Exposure
For employees at Ewing, password exposure is continuously monitored and resets are enforced when needed. For personal use, there are several solid options:
- Proton Pass – A strong, free password manager
- Have I Been Pwned – A free way to check if your email address has appeared in known data breaches
- Pentester – For those who want deeper visibility into personal security risks
For identity protection, I personally use Zander Insurance. Ewing employees also have access to discounted identity protection through Allstate.
Where Password Security Is Headed
Passwords aren’t going away overnight, but we’re moving toward a future with fewer of them. Passkeys, biometric authentication, and passwordless systems are becoming more common, and we’re actively working in that direction at Ewing.
Until then, strong passwords, password managers, and MFA remain the most effective tools we have.
Most security issues I see aren’t the result of sophisticated attacks; they’re the result of everyday habits. A few small changes in how passwords are created and managed can dramatically reduce risk, both at work and at home.
Security isn’t about perfection. It’s about making the right choices consistently.


