In an age where online security threats are ever-present, businesses are being cautioned about the significant risks posed by poor password management practices. According to the Cyber Security Breaches Survey 2025, a staggering 27% of businesses still lack effective password policies that compel employees to create strong passwords, raising alarms about basic cyber hygiene.
Jon Fielding, Managing Director for EMEA at Apricorn, emphasized the dire consequences of lax password protocols. He stated, “Poor password management can allow attackers to guess or steal user credentials before putting them up for sale on the black market,” warning that such compromised login details often lead to credential stuffing attacks aimed at fraudulently accessing online accounts.
Fielding further stressed that having a password policy is not sufficient if it does not enforce complexity requirements. He advised that businesses should require users to create complex passwords comprising a mix of characters, and should no longer mandate regular password changes, as this practice may lead to simpler, easier-to-guess passwords. “Frequent password resets can frustrate users, leading them to create minor variations of their original passwords,” he added.
With the rise of password managers and integrated browser tools, many businesses are experiencing improvements in password management. Fielding noted, “Password managers can generate unique passwords and have significantly contributed to reducing the problem of password reuse across multiple accounts.” However, he cautioned that businesses must also protect their password managers with strong master passwords and secondary measures like two-factor authentication to mitigate the risk of these tools being compromised.
Additionally, Fielding highlighted the often-overlooked importance of securing peripheral devices such as external drives and USB sticks. He pointed out that many companies focus primarily on conventional endpoints like computers and mobile devices while neglecting the potential security vulnerabilities presented by peripherals. “These devices should be encrypted and password protected as part of the acceptable use policy to ensure they remain secure in the event of loss or theft,” he stated.
As evolving security technologies look to reshape online protections, the anticipated end of the password has not yet been realized. Fielding acknowledged, “Despite predictions of the imminent demise of passwords, they remain the primary means of safeguarding data, complemented by additional security measures such as multi-factor authentication and zero trust protocols.”