ABOUT
WHAT OUR CLIENTS SAYEDUCATION CENTREBLOGCONTACT
MANAGED IT
MANAGED IT SUPPORT
SECURITY
PROTECT MY 365M365 MDRM365 TENANT PROTECTIONHUNTRESS MANAGED EDRCYBER ESSENTIALSCYBER AWARENESS TRAININGIRONSCALES EMAIL SECURITYSENTINELONEDNS FILTERDARK WEB MONITORING
CLOUD
HOSTED DESKTOPMICROSOFT 365WAVE TELEPHONY3CX PHONE SYSTEM
BACKUP
DATA BACKUP & DRMICROSOFT 365 BACKUPXERO BACKUPSALESFORCE BACKUPGOOGLE WORKSPACE BACKUP
0161 850 2471
ABOUT
WHAT OUR CLIENTS SAYEDUCATION CENTREBLOGCONTACT
MANAGED IT
MANAGED IT SUPPORT
SECURITY
PROTECT MY 365M365 MDRM365 TENANT PROTECTIONHUNTRESS MANAGED EDRCYBER ESSENTIALSCYBER AWARENESS TRAININGIRONSCALES EMAIL SECURITYSENTINELONEDNS FILTERDARK WEB MONITORING
CLOUD
HOSTED DESKTOPMICROSOFT 365WAVE TELEPHONY3CX PHONE SYSTEM
BACKUP
DATA BACKUP & DRMICROSOFT 365 BACKUPXERO BACKUPSALESFORCE BACKUPGOOGLE WORKSPACE BACKUP
0161 850 2471

Your Business Passwords Are Still Too Weak – And It’s Putting You at Risk

Michael Tunstall

July 18, 2025

Still using a password like “123456” or “password123” somewhere in your business?

You're not alone. But that doesn’t make it OK.

Weak passwords remain one of the most common – and dangerous – security risks for businesses today. Despite years of warnings and endless high-profile data breaches, the same predictable combinations are still in use. And cyber criminals are loving it.

Recent research shows “123456” is still the most common password in business. Followed closely by “password”, “qwerty123”, and other shockingly simple variations.

These aren’t just poor choices. They’re an open invitation to hackers.

And it’s not just large enterprises making these mistakes. Small and medium-sized businesses are often more exposed. They may lack advanced security infrastructure – and when things go wrong, the impact can be even more damaging.

All it takes is one weak password. One reused login. One lapse in judgement. And cyber criminals could gain access to:

  • Company emails

  • Financial systems

  • Sensitive client data

  • Shared files and documents

Think your business is too small to be a target? Think again. Criminals don’t discriminate. They go for the easiest route in – and weak or reused passwords are exactly that.

So, what makes a password “too weak”?

  • Using your name, business name, or email address

  • Passwords under 12 characters

  • Common phrases like “iloveyou” or “letmein”

  • Simple keyboard patterns (yes, “qwerty” again)

Even if your team isn’t using “123456”, chances are someone’s still cutting corners.

What should you be doing instead?

Use long, randomly generated passwords
Create strong, unique passwords for every system or app. Mix letters, numbers, and symbols – and don’t use anything personal or predictable.

Use a password manager
No one can remember 30+ secure passwords. A good password manager stores and autofills them safely, keeping things simple for your team.

Enable multi-factor authentication (MFA)
Even if a password is stolen, MFA adds another security layer. It’s a small step with a massive impact on your overall protection.

Start exploring passkeys
Passwordless login is on the rise. Passkeys use biometrics or device-based authentication and are far harder to compromise. It’s safer – and easier for staff to use.

Strong login security is your first line of defence.

And in 2025, there’s no excuse not to take it seriously.

Need help reviewing your business’s password policy or rolling out secure login tools like MFA or passkeys? We’d love to help – just get in touch.

<All Posts