
Ineffective Password Policies Continue to Endanger Business Cybersecurity


Businesses Warned of Ongoing Risks Linked to Poor Password Management

Despite significant advancements in cyber protection tools, businesses continue to face substantial risks due to inadequate password management practices. Industry experts are increasingly vocal about the vulnerabilities posed by failing to implement strong password policies on a corporate level.

Jon Fielding, the Managing Director for EMEA at Apricorn, highlighted the alarming statistics from the Cyber Security Breaches Survey 2025, which reveal that over a quarter of businesses—27%—lack any formal password policy that mandates the creation of strong passwords. He emphasizes that such negligence can pave the way for cybercriminals to easily guess or steal user credentials. These stolen login details can subsequently find their way onto black markets, where they are sold and then exploited for credential stuffing attacks. These attacks enable hackers to easily access and take control of online accounts, leading to significant instances of fraud.

Fielding is particularly concerned with the current state of password management within organizations. He insists that merely having a password policy is not enough; it must also enforce complexity requirements that ensure users create robust passwords. "It is essential that businesses not only implement a password policy but also enforce strict criteria—such as requiring passwords to be of sufficient length and containing a variety of characters, including both upper and lowercase letters," he explained. Interestingly, Fielding notes that the old practice of requiring frequent password changes is becoming counterproductive. Forcing users to change their passwords routinely can lead to frustration, often resulting in them either making only marginal modifications to their current passwords or opting for simpler variations that are easier to remember and therefore more susceptible to brute-force attacks.

Addressing new trends in password management, Fielding pointed to the rise of password managers and browser-integrated tools, which have emerged as significant assets in mitigating issues associated with password reuse. He remarked, "Password managers are increasingly commonplace and can generate unique passwords, reducing the likelihood of individuals using the same password across multiple accounts." However, this increased reliance on password managers presents its own set of challenges. Fielding cautions that while they are effective, their security must not be overlooked, as they themselves could become targets of cyberattacks. "To safeguard against these risks, it’s vital that users employ a strong master password and additionally protect their password managers with two-factor authentication (2FA)," he stated.

Moreover, Fielding urged organizations not to ignore the security of peripheral devices such as external hard drives and USB sticks. He pointed out that these devices are frequently overlooked in favor of more traditional endpoints like desktop computers and mobile phones. "Businesses often ignore the importance of password-protecting their peripherals, instead focusing solely on their main devices," he said. Fielding advocates for the encryption and password protection of external drive systems, emphasizing that when personal devices are authorized for use in a corporate environment, proper security measures should be outlined clearly in the acceptable use policy. Protecting sensitive information on these devices ensures that even if they are lost or stolen, unauthorized individuals cannot access the encrypted data.

As for evolving security technologies, Fielding recognizes that predictions about the disappearance of passwords haven’t yet come to fruition. "Historically, there have been numerous forecasts claiming the imminent death of the password, with alternatives like passkeys and biometrics attempting to replace it. However, the reality is that passwords continue to serve as a primary means of safeguarding our data," he explained. He believes that the traditional password will remain relevant for the foreseeable future, especially when bolstered by additional security measures such as multi-factor authentication and zero trust security frameworks.

In conclusion, the conversation around password management is more critical than ever, particularly for businesses navigating the complexities of online security. As cyber threats continue to evolve, companies must prioritize the implementation and enforcement of strong password policies while adopting innovative security measures to protect sensitive data across all devices. The message is clear: a proactive approach to password management is essential to safeguard against potential cyber threats in an increasingly digital landscape.
