Let’s be honest for a moment. Do you still have at least one password that looks like “12345” or “password123”?
If the answer is yes, you’re far from alone – but that doesn’t make it OK.
Despite years of warnings from cyber security professionals, weak passwords remain alarmingly common across UK businesses of all sizes. And they continue to be one of the easiest ways for cyber criminals to gain access to your systems.

The Shocking Truth About Common Passwords in the Workplace
You’d be amazed how many companies still rely on passwords that can be cracked in less than a second.
Recent research reveals that the most common password in the business world is still “123456”. Not far behind? “123456789”, “password”, and the ever-popular “qwerty123”.
These aren’t just lazy choices – they’re open invitations for hackers.
And it’s not just large enterprises getting it wrong. Small and medium-sized businesses (SMEs) are just as guilty. In fact, they’re often hit harder when attacks occur, as they don’t always have the internal resources or financial resilience to recover quickly.

Why Strong Passwords Matter – Even for Small Teams
You might think, “We’re a small team – there’s nothing worth stealing here.”
Think again.
Even if you only have five employees, your systems likely contain:
- Company emails and sensitive conversations
- Financial systems and banking access
- Customer data, including names, addresses and payment details
- Intellectual property and business-critical files
Cyber criminals don’t discriminate. They target easy wins. And weak passwords are the easiest win of all.

Poor Password Habits You Should Break Immediately
Even if you’re not using “123456”, your passwords may still be putting you at risk. Many people continue to use:
- Their own name or email address
- Common phrases like “letmein” or “iloveyou”
- Reused passwords across multiple accounts
These predictable habits make it simple for attackers using automated tools to crack your credentials and gain access to your systems.

How to Build a Strong Password Policy for Your Business
So what should your business be doing to protect itself?
Start by enforcing strong, unique, randomly generated passwords for every user. A secure password should:
- Be at least 12 characters long
- Include a mix of uppercase and lowercase letters, numbers, and symbols
- Avoid any predictable sequences or personal information
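The checklist above expressed as a validator, as an added example (not code from the original article): it tests each rule and rejects the weak passwords this article names. The function names, the four-character sequence threshold and the sample inputs are assumptions made for illustration.

```python
import re

# Passwords this article names as weak (constructed deny list; a real
# deployment would check against a much larger breached-password list).
COMMON = {"12345", "123456", "123456789", "password", "password123",
          "qwerty123", "letmein", "iloveyou", "abc123"}
# Assumption: "predictable sequences" means digit, alphabet and keyboard-row runs.
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a known sequence,
    forwards or backwards (e.g. '1234', 'dcba', 'qwer')."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def check_password(pw, full_name="", email=""):
    """Return a list of policy violations; an empty list means pw passes."""
    problems, low = [], pw.lower()
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    # Anything that is not an ASCII letter or digit counts as a symbol here.
    classes = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
               "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append(f"no {name}")
    if any(c in low for c in COMMON):
        problems.append("contains a common password")
    if has_sequence(pw):
        problems.append("contains a predictable sequence")
    # Personal information: name parts and email local-part tokens (3+ chars).
    tokens = re.split(r"[\s.@_+\-]+", f"{full_name} {email.split('@')[0]}".lower())
    if any(len(t) >= 3 and t in low for t in tokens):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("password123", "Qwerty123456!", "v7#Rk2!mXq9&Lz"):
        print(sample, "->", check_password(sample) or "OK")
```

A password that meets the length and character-mix rules can still fail: the second sample is rejected for containing a common password and a keyboard sequence.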
But let’s be realistic – no one can remember 30 complex passwords. That’s where a password manager becomes essential.

Why You Should Use a Password Manager
Password managers:
- Generate secure, unique passwords for each account
- Store them safely in an encrypted vault
- Automatically fill login forms across devices
- Eliminate the need for sticky notes and insecure spreadsheets
Implementing a business-wide password manager is one of the easiest ways to raise your cyber security baseline instantly.

Add Two-Factor Authentication for an Extra Layer of Protection
Even strong passwords can be stolen. That’s why two-factor authentication (2FA) is so important.
2FA requires users to enter a secondary code – usually sent to their phone or generated via an app – when logging in. This extra step means that even if a password is compromised, an attacker who has only the password still can’t log in.
It’s a small change that delivers huge protection.

Looking Ahead: The Rise of Passkeys and Passwordless Login
Want to stay ahead of the curve? Look into passkeys – the future of secure logins.
Passkeys use biometrics (like fingerprints or facial recognition) or trusted devices to authenticate users, eliminating the need for passwords entirely.
They’re faster, more secure, and far less vulnerable to phishing attacks. And major platforms like Apple, Microsoft and Google are already rolling them out.

Final Word: Don’t Wait for a Security Breach to Act
Strong passwords – or better yet, secure alternatives – are your first line of defence. Don’t wait until your business suffers a breach to take them seriously.
If your team is still using “abc123”, now’s the time to act.

Need Help Improving Your Password Security?
Whether you want to review your existing password policy, roll out a password manager, or implement two-factor authentication across your organisation, we’re here to help.
Get in touch with our team of cyber security experts – we’d love to help secure your business, properly.