
Each year, the list of the most common passwords circulates online, and each year, it remains equally concerning. People continue to use “123456” and “password” as though it’s 1999. Meanwhile, cybercriminals don’t need advanced tools when users are handing them the keys.
Research shows that 40 per cent of passwords used by corporate employees are the same as those used by everyday internet users. In other words, the same overused passwords that people rely on for social media and shopping accounts are also protecting company data. It’s like locking the front door while leaving the windows wide open.
Managed service providers (MSPs) can only do so much to protect businesses from cyberattacks. Employees play a crucial role in cybersecurity, and password security is often neglected.
That’s why National Password Day (May 2) exists – to remind everyone that strong passwords aren’t optional. One weak password can open the door to data breaches, financial losses, and significant headaches.
So, in honour of National Password Day, let’s talk about what makes a strong password, why password managers should be a standard business tool, and how companies can tighten security across the board.
The Password Security Checklist: Is yours strong enough?
Many people assume their passwords are “good enough.” They aren’t. A secure password needs to be long, unpredictable, and unique. Here’s what that actually means:
- Length matters: A password should be at least 12–16 characters. Shorter passwords are easier to crack.
- Complexity counts: A mix of uppercase and lowercase letters, numbers, and symbols makes guessing harder.
- Predictability is a problem: Birthdays, pet names, and favourite sports teams are poor choices. If it’s easy to remember, it’s likely easy to guess.
- Recycling is risky: If the same password is used across multiple accounts, one leak puts everything at risk.
- Passphrases beat single words: A random string of words — “desk-lamp-marathon-cookie” — creates a long, strong password that’s easier to recall than a jumble of characters.
For businesses, these rules need to be more than guidelines. They should be enforced company-wide. Employees won’t take security seriously if the company doesn’t either.
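The checklist above as a runnable check, together with a passphrase generator. This is an added example, not code from the original article; the function names, the tiny denylist and wordlist, and the rule that a passphrase of four or more words is exempt from the character-mix requirement are assumptions made here.

```python
import math
import secrets
import string

# Constructed sample data: small stand-ins for a real breached-password
# denylist and a real passphrase wordlist.
COMMON = {"123456", "password", "qwerty", "letmein"}
WORDS = ["desk", "lamp", "marathon", "cookie", "river", "anchor", "velvet",
         "pickle", "orbit", "canyon", "walrus", "ember", "thistle", "quartz",
         "mango", "lantern"]

def check_password(pw, personal=(), in_use=(), min_len=12):
    """Return the checklist items a candidate fails (empty list = pass)."""
    problems = []
    lowered = pw.lower()
    if lowered in COMMON:
        problems.append("common")
    if len(pw) < min_len:
        problems.append("too_short")
    # Count how many character classes (lower, upper, digit, symbol) appear.
    classes = sum(any(c in group for c in pw) for group in
                  (string.ascii_lowercase, string.ascii_uppercase,
                   string.digits, string.punctuation))
    # Assumption: four or more separated words count as a passphrase, whose
    # strength comes from length rather than from mixed character classes.
    is_passphrase = len([w for w in pw.replace(" ", "-").split("-") if w]) >= 4
    if classes < 3 and not is_passphrase:
        problems.append("low_complexity")
    # Birthdays, pet names, team names: anything the caller lists as personal.
    if any(p and p.lower() in lowered for p in personal):
        problems.append("predictable")
    # in_use: passwords already protecting other accounts (known locally,
    # for example inside a password manager vault).
    if pw in in_use:
        problems.append("reused")
    return problems

def make_passphrase(n_words=4, sep="-"):
    """Pick words with the OS CSPRNG; return the phrase and its entropy in bits."""
    phrase = sep.join(secrets.choice(WORDS) for _ in range(n_words))
    # Entropy is n_words * log2(list size): 16 bits with this 16-word sample,
    # about 12.9 bits per word with a 7,776-word diceware-style list.
    return phrase, n_words * math.log2(len(WORDS))
```
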
Change passwords regularly
Another important aspect of password security is changing passwords regularly. Doing so helps prevent unauthorized access to accounts and systems and mitigates the risk of compromised credentials.
It’s recommended to change passwords every 3-6 months or whenever there’s suspicion of a breach. This includes both work-related accounts and personal accounts such as email, company devices, and online tools used for work.
Be careful with security questions
Security questions are often used as an additional layer of protection for password recovery. However, these questions can be easily guessed or found through social media and other online sources.
To increase the security of your accounts, choose unique and difficult answers to security questions. Avoid using common information such as your mother’s maiden name or your pet’s name. If your friends could easily guess the answer, it’s not secure enough.
Avoid sharing passwords
Sharing passwords with others, even close family or friends, is never a good idea. Not only does this compromise the security of your account, but it also puts trust in someone else to keep your information safe. If that person’s device or account is hacked, your password could potentially be exposed as well.
The case for password managers
People aren’t good at managing passwords. They make them too simple, reuse them across sites, or forget them altogether. That’s why password managers exist — to eliminate the guesswork.
A password manager generates, stores, and auto-fills complex passwords so users don’t have to remember anything beyond a single master password. For businesses, this means employees aren’t using sticky notes, spreadsheets, or whatever their go-to easy-to-remember phrase might be.
But convenience isn’t the only benefit. Password managers also:
- Stop password reuse: Employees no longer need to recycle the same login across multiple sites.
- Secure passwords with encryption: Even if a hacker gets into the system, the passwords remain protected.
- Work across devices: Whether an employee logs in from a laptop, phone, or tablet, passwords stay accessible but secure.
- Provide admin control: Businesses can set password policies, revoke access when employees leave, and monitor security risks.
The biggest reason people resist using a password manager is that they think it’s complicated. But resetting a dozen hacked accounts after a breach is a lot more complicated.
No one can afford to ignore password security
Cybercriminals don’t need sophisticated tactics when weak passwords do the work for them. And businesses that assume they’re too small to be targeted are playing a dangerous game. A single compromised password can lead to data breaches, financial loss, and reputational damage.
National Password Day is a reminder that strong security isn’t just about individual habits — it’s about company-wide policies that prevent problems before they happen. Businesses that take passwords seriously don’t just avoid breaches; they build a culture where security is part of the foundation.