There’s good reason to improve password security in 2024. The UK government’s Cyber Security Breaches Survey 2024 found that 84% of businesses who suffered an attack in the past 12 months were targeted by phishing emails – and that’s just one way passwords can leak.
For medium to large businesses, the average cost of a breach is over £10,000, and for companies of all sizes it’s over £1,200. If you’re keen to improve password security for 2025, our top 6 password tips have got you covered.
Remember, it’s good practice to carry out a Cyber Security Risk Assessment on a regular basis, to check that your systems are still secure and to protect against emerging threats.
1. Make a point of variation
Top of our list of password security tips addresses one of the most common mistakes people make: using one plain-text password for every website or system.
Using a variety of randomly generated passwords means that if your credentials fall into the wrong hands, a maximum of just one login is compromised. If you use the same password on every site, your entire online identity could be under threat.
This is also a good reason to carry out a Dark Web check for leaked passwords as part of any IT disaster recovery procedures.
2. Use password managers
A secure password manager is a great addition to your preventative cyber security measures. It can store those long, randomly generated, unique passwords so that you don’t have to write them down or risk forgetting them.
Of course, it’s important to protect access to the password manager itself – but it’s much easier to do that than it is to secure everything else if your password is weak.
3. Maximise characters and sequencing
Third in our list of password best practices is probably the most annoying aspect of generating a secure password, but it’s one that you shouldn’t neglect. Nowadays, you’ll often be prompted to include at least one uppercase letter, one lowercase letter, one number and one special character (such as * # @ £ etc.). But when you’re not prompted, this isn’t because the website is super secure! It’s simply a lax registration system, so it’s even more important to follow this rule.
For example, a 3-digit numbers-only password has 1,000 combinations (ranging from 000 to 999). Add the 26 lower-case letters to the 10 digits and you get 36 x 36 x 36 possible passwords, a total of 46,656 different options. Add upper-case into the mix and that number rises to nearly 240,000 for just a three-character password.
According to Security.org, an 11-letter lower-case password can be cracked by brute force in a day. But a 12-character password with upper and lower case, punctuation and numbers would take up to 34,000 years to hack. It’s worth making that extra effort.
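As an added illustration (not part of the original article), the Python sketch below reproduces the three-character counts worked through above and generates a random password that contains all four character types. The function names and the use of Python's string.punctuation as the special-character set are assumptions made for this example.

```python
import math
import secrets
import string

# Character classes; string.punctuation as the "special" set is an assumption.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)


def keyspace(length, alphabet_size):
    """Number of possible passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(length, alphabet_size):
    """Bits of entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)


def generate_password(length=12):
    """Random password with at least one character from every class.

    Uses the OS CSPRNG via `secrets` and rejection sampling, so every
    qualifying password is equally likely.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    for label, size in (("digits", 10), ("digits + lower", 36),
                        ("digits + lower + upper", 62)):
        print(f"3 chars, {label}: {keyspace(3, size):,}")
    print(f"12 chars, all classes: {entropy_bits(12, len(ALPHABET)):.1f} bits")
    print("example:", generate_password(12))
```

Generated passwords are meant to go straight into a password manager rather than be memorised.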
4. Avoid easily identifiable keywords
Another of the top password best practices is to avoid using personal information in your password. We’ve all seen movies where a character’s computer gets hacked because their password is the name of their pet dog – don’t be that person in real life.
Human error is one of the most common risks to cyber security, and that includes choosing a password that is easy to guess.
This again goes back to the benefits of using long, randomly generated, unique and complex passwords (and it’s a reason why using all of these top 6 password tips is better than using just one or two).
5. Add layers of protection
Two-factor authentication, or 2FA, is commonplace when logging into online banking and some social networks. It ensures that even with your password, an unauthorised individual cannot log into your account without a one-time PIN or passcode that is sent to your phone or email.
If you’d like to know more about how to implement this on your own systems, ask your cyber security provider for advice. All of the other password security tips on this list still apply, but 2FA adds that extra layer of protection during the actual act of logging in.
6. Have some social awareness
With more cyber crime every year, social awareness is higher on the agenda than ever when it comes to protecting your password security in 2024. Employees should be trained to spot phishing attempts and suspicious links, as well as spoof online forms that hope to collect your login details.
It’s important not to let your guard down, especially as your workforce operates inside your network’s firewall. In case a successful hack slips through that safety net, make sure you invest in cloud-based disaster recovery as a service to get you back up and running.
The coming months will start to reveal the developing trends in password security for 2025, but following our password best practice tips will give you a head start against the hackers. If you haven’t reviewed your passwords recently, make a plan to do so before the end of the year.
If you would like to speak to one of our experts about how to make your systems even more secure using 2FA, email antivirus and other techniques, ask Venom IT about our security solutions today.