5 February 2024

Best Practice for Business Passwords 2024


Did you know that the most common passwords of 2024 can be guessed within seconds? Unbelievably, favourites like “123456” and “password” still made the list. Modern systems usually reject such weak passwords, but some businesses still permit them because of legacy systems or inherited IT configurations that were never hardened.

In the ever-evolving landscape of cybersecurity, the humble password stands as the first line of defence against data breaches, hacking attacks, and ransomware. However, the rise of cloud services and the proliferation of usernames and passwords have given cybercriminals ample opportunities to exploit poor password habits.

Why are passwords so vulnerable for businesses?

Poor password practice is not only about weak passwords; it also includes signing up to third-party services with a corporate email address and a reused password. When one of those services is breached, the leaked email and password pair is a ready-made login to try against the business. Personal experiences, like a friend being locked out of multiple accounts after a single compromised Facebook login, show the real-world consequences of overlooking password security.

In 2020 alone, attacks exploiting weak passwords and access-management weaknesses surged by 21%. Shockingly, over 44% of people in the UK admit to regularly reusing passwords across different platforms, making them lucrative targets for cybercriminals.

Businesses face a significant threat when employees exhibit poor password habits. Corporate email logins and weak passwords open the door for hackers to wreak havoc, leading to potential data breaches and financial loss. To mitigate these risks, businesses must prioritise password security as a crucial component of their overall cybersecurity strategy.

How do people steal passwords?

Understanding the various methods employed by cybercriminals is crucial for bolstering password security.

Manual Password Guessing

Guessing passwords from personal information ‘cribs’ such as a name, date of birth or pet name. Much of this is freely available on social media and company websites, so a handful of informed guesses is often enough.

Password Spraying

Trying a small number of commonly used passwords against a large number of accounts. Because each account sees only one or two failed attempts, the attack stays below per-account lockout thresholds; it is only visible when failed logins are correlated across accounts rather than counted per user.
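Because the per-account failure count stays low, the detection has to group failures by source rather than by user. The following is an added example (not code from the original post) of that correlation run over a constructed authentication log; the log format, the field names and the thresholds of five accounts within ten minutes are assumptions chosen for the demo, not values from any product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from any real system). One source
# tries a single guess against many different accounts and finally gets in as
# "frank"; a legitimate user ("grace") mistypes her own password twice.
SAMPLE_LOG = """\
2024-02-05T09:00:01Z auth result=FAIL user=alice src=203.0.113.7
2024-02-05T09:00:02Z auth result=FAIL user=bob src=203.0.113.7
2024-02-05T09:00:03Z auth result=FAIL user=carol src=203.0.113.7
2024-02-05T09:00:04Z auth result=FAIL user=dave src=203.0.113.7
2024-02-05T09:00:05Z auth result=FAIL user=erin src=203.0.113.7
2024-02-05T09:00:06Z auth result=SUCCESS user=frank src=203.0.113.7
2024-02-05T09:01:00Z auth result=FAIL user=grace src=198.51.100.4
2024-02-05T09:01:05Z auth result=FAIL user=grace src=198.51.100.4
2024-02-05T09:01:09Z auth result=SUCCESS user=grace src=198.51.100.4
"""

# Log format assumed for the example: "<ISO time> auth result=<X> user=<u> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Parse log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Flag a source that fails against >= min_accounts DISTINCT users within
    `window`. Many failures against one user (a brute force, or a forgetful
    owner) do not trigger this rule; that is what distinguishes spraying.
    Returns {src: {"accounts": [...], "successes": [...]}} where "successes"
    lists users that logged in from the same source after the spray began."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "FAIL"]
        lo = 0
        for hi, ev in enumerate(fails):
            # slide the window forward so fails[lo:hi+1] spans at most `window`
            while ev["ts"] - fails[lo]["ts"] > window:
                lo += 1
            users_in_window = {f["user"] for f in fails[lo:hi + 1]}
            if len(users_in_window) >= min_accounts:
                spray_start = fails[lo]["ts"]
                alerts[src] = {
                    "accounts": sorted({f["user"] for f in fails}),
                    "successes": sorted({
                        e["user"] for e in evs
                        if e["result"] == "SUCCESS" and e["ts"] >= spray_start
                    }),
                }
                break
    return alerts


if __name__ == "__main__":
    for src, info in detect_spray(parse_log(SAMPLE_LOG)).items():
        print(f"password spray from {src}: {len(info['accounts'])} accounts hit, "
              f"successful logins afterwards: {info['successes'] or 'none'}")
```

A success from the spraying source after the failures ("frank" here) is the account to treat as compromised first; the two failures from 198.51.100.4 are against a single account and correctly produce no alert. In practice the same rule should also be keyed on user-agent or tenant, since sprayers rotate source addresses.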

Social Engineering

Tricking someone into revealing their password through deceptive tactics such as phishing emails or coercive techniques. Cybercriminals exploit human psychology to manipulate individuals into divulging sensitive information.

Data Breaches

Using passwords leaked from data breaches. With the increasing frequency of large-scale breaches, hackers obtain massive databases of usernames and passwords and replay them against other services, an attack known as credential stuffing, which succeeds wherever the same password was reused.

Theft of Password Hash Files

Stealing a file of password hashes and cracking it offline. A hash cannot be reversed, but the attacker can hash billions of candidate passwords per second and compare the results, with no lockout to slow them down. Fast, unsalted hashes fall within minutes, and because identical passwords produce identical unsalted hashes, the file also reveals which users share a password.
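To make the offline cracking concrete, here is an added example (not code from the original post) that "steals" two constructed credential stores, one holding unsalted SHA-256 hashes and one holding per-user salts with PBKDF2, and runs the same small wordlist against both. The accounts, passwords and wordlist are made up for the demo, and the PBKDF2 iteration count is deliberately low so that it runs quickly.

```python
import hashlib
import os

# Constructed demo accounts and a tiny wordlist (real attacks use lists of
# hundreds of millions of leaked passwords plus mangling rules).
USERS = {
    "alice": "Summer2024!",
    "bob": "123456",
    "carol": "password",
    "dave": "vX9#kq2Lm!rT4wZp",   # long random password, not in any wordlist
    "erin": "123456",             # same password as bob
}
WORDLIST = ["123456", "password", "qwerty", "letmein",
            "Summer2024!", "welcome1", "admin", "iloveyou"]

# Iteration count reduced so the demo runs in well under a second; OWASP's
# current guidance for PBKDF2-HMAC-SHA256 is 600,000, and Argon2id or bcrypt
# are preferable where available.
DEMO_ITERATIONS = 20_000


def unsalted_record(password):
    """The weak scheme: one fast hash, no salt. Equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password, iterations=DEMO_ITERATIONS):
    """The sane scheme: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return (salt, iterations, digest)


UNSALTED_STORE = {u: unsalted_record(p) for u, p in USERS.items()}
SALTED_STORE = {u: salted_record(p) for u, p in USERS.items()}


def crack_unsalted(store, wordlist):
    """Hash each candidate ONCE and look it up against every account at the
    same time. Work = len(wordlist) fast hashes, however many users there are.
    Returns (cracked {user: password}, number of hash computations)."""
    table = {unsalted_record(w): w for w in wordlist}
    cracked = {u: table[h] for u, h in store.items() if h in table}
    return cracked, len(wordlist)


def crack_salted(store, wordlist):
    """With a salt, every (account, candidate) pair must be recomputed, and each
    computation costs `iterations` HMAC calls. Work = users x candidates x iterations.
    Returns (cracked {user: password}, number of KDF computations)."""
    cracked, kdf_calls = {}, 0
    for user, (salt, iterations, digest) in store.items():
        for candidate in wordlist:
            kdf_calls += 1
            guess = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
            if guess == digest:
                cracked[user] = candidate
                break
    return cracked, kdf_calls


if __name__ == "__main__":
    found, n = crack_unsalted(UNSALTED_STORE, WORDLIST)
    print(f"unsalted SHA-256: cracked {sorted(found)} with {n} hashes")
    print("bob and erin share a hash:", UNSALTED_STORE["bob"] == UNSALTED_STORE["erin"])
    found, n = crack_salted(SALTED_STORE, WORDLIST)
    print(f"salted PBKDF2:   cracked {sorted(found)} with {n} KDF calls "
          f"({n * DEMO_ITERATIONS:,} HMAC computations)")
```

The same four weak passwords fall in both stores; what changes is the cost. Against the unsalted file eight hashes crack every account at once and expose that bob and erin share a password, whereas the salted, iterated store forces one slow computation per account per candidate. Slow hashing buys time, but only a password that is not on the list (dave's) actually survives, which is why storage hardening and a blocklist go together.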

Insecure Storage

Finding passwords stored insecurely, such as on notes near a device or in documents stored on devices. This method involves physically accessing or finding documents with sensitive information.


Network Interception

Intercepting a password (or password hash) as it is transmitted over a network, typically where a connection is unencrypted or has been downgraded, or where the attacker sits on the same network path. Cybercriminals exploit weaknesses in network communication to eavesdrop on password transmissions.

Keylogging

Installing a keylogger to intercept passwords when entered into a device. Malicious software records keystrokes, giving cybercriminals a record of every login the victim types, which defeats even strong, unique passwords.

Brute-Force Attacks

Automated guessing of large numbers of passwords until the correct one is found, either exhaustively over every combination or, more often, from wordlists with mangling rules. Online, the attempts are limited by lockouts and rate limits; offline against a stolen hash, only the hashing speed limits them.

How can you secure your business?

Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA)

Requiring a second factor (a code from an authenticator app, a hardware security key or a push approval) alongside the password means that a guessed, sprayed or leaked password is no longer enough on its own. Enable it first on email, remote access and administrator accounts, and prefer phishing-resistant methods such as FIDO2 security keys where the service supports them.

Crafting Strong Passwords

  • Avoid Regular Words or Guessable Phrases: a single dictionary word, a name, a date or the company name, even with “1!” on the end, is among the first things attackers try, and common-password blocklists should reject it.
  • Prefer Length, Then Add Numbers, Capital Letters and Unusual Characters: length does more for strength than symbols do, so use at least 12 characters (three or four unrelated words is an easy way to get there) and add mixed case, digits and symbols on top rather than instead.
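An added example (not from the original post) of a policy check that enforces these points the way a good sign-up form should, together with a simple entropy estimate that illustrates why length beats symbols. The blocklist, the leetspeak table, the sample passwords and the 12-character minimum are assumptions for the demo; a production check would query a full breached-password list.

```python
import math

# Constructed blocklist standing in for a real breached/common-password list
# such as the one behind Have I Been Pwned's Pwned Passwords API.
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "letmein", "welcome1", "admin",
    "iloveyou", "password1", "summer", "winter", "monkey", "dragon",
}

# Common "leet" substitutions undone before the blocklist lookup, so
# "P@ssw0rd!" is recognised as "password".
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e",
                      "4": "a", "5": "s", "7": "t", "!": "i", "|": "l"})
TRAILING_JUNK = "0123456789!?.,-_#*"


def normalise(password):
    """Lower-case, drop trailing digits/punctuation, undo leet substitutions."""
    return password.rstrip(TRAILING_JUNK).lower().translate(LEET)


def check_password(password, user_terms=(), blocklist=COMMON_PASSWORDS, min_len=12):
    """Return a list of problem codes (an empty list means acceptable).
    user_terms: username, company name, etc., which must not appear."""
    problems = []
    if len(password) < min_len:
        problems.append("too_short")
    candidates = {password.lower(), normalise(password)}
    if candidates & blocklist:
        problems.append("common")
    lowered = password.lower()
    if any(t.lower() in lowered or t.lower() in normalise(password)
           for t in user_terms if len(t) >= 4):
        problems.append("contains_user_term")
    return problems


def random_bits(password):
    """Entropy IF every character were chosen at random from the character
    classes present. A human-chosen phrase has far less, but the comparison
    still shows that extra length outweighs swapping letters for symbols."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33   # remaining printable ASCII symbols
    return len(password) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    for pw in ["P@ssw0rd!", "Summer2024!", "AcmeAlice2024!!", "tulip-reactor-velvet-ninety"]:
        print(f"{pw:30} {check_password(pw, user_terms=['alice', 'acme']) or 'ok'}")
    for pw in ["Abcdefg1", "tulipreactorvelvetninety"]:
        print(f"{pw:30} {random_bits(pw):.1f} bits if chosen at random")
```

An eight-character password drawn from letters and digits has about 48 bits if it were truly random, while twenty-four lower-case letters have about 113, so the mixed-character rule on its own is the weaker of the two requirements. The normalisation step matters because "P@ssw0rd!" satisfies every composition rule and is still one of the first guesses an attacker makes.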

Device Security

Secure devices with antivirus solutions and network firewalls to block incoming threats.

Password Managers

Encourage the use of password managers to generate and securely store a long, random and unique password for every service, so that one breached site cannot be used to unlock another.

Avoid Writing Down Passwords

Never write passwords on physical items like sticky notes, which could be easily accessed.

Restricted Access

Limit access to sensitive accounts and data to the people whose role actually requires it (least privilege), rather than by seniority; review access regularly and remove it when roles change or staff leave. Avoid shared administrator accounts, so that every action can be attributed to a named individual.

The Problem with Passwords

Passwords are the keys to your digital fortress. By adopting best practices, businesses can fortify their defences and thwart cybercriminals looking for an easy way in. 

However, while passwords are a fundamental aspect of cybersecurity, relying solely on them is insufficient. They serve as a barrier, but for a robust defence, businesses need to complement password security with advanced cybersecurity measures. Our Cyber Security Awareness programs can empower employees to identify and mitigate the risks posed by phishing emails, ultimately safeguarding both individuals and the business.
