The Solution To Your Business' Password Problem Is Here
By Helen C June 2024
The password problem
Since the dawn of working online and in apps we have had to remember passwords. And we’ve created some interesting password solutions to remember them:
- The sticky note – writing our passwords down and sticking them to our monitor
- The sneaky aide-mémoire – the password list in the back of the diary, the piece of paper strategically kept in a bag
- One size fits all – using the same password for every single account.
- The parrot – password, password, password, password.
- Easy – 12345, qwerty, asdfg
Most of us will be guilty of using one of these methods at some point in time, or we know someone who uses them. The problem is that these ways of coping with the great password conundrum leave your business systems and applications vulnerable to being hacked.
The solution we love to ignore
We all know that we should have a different password for each app we use. They teach it in schools, and it’s part of good business practice. Some of you might even be nodding along, thinking you don’t need reminding because you already know the password solution, while also having a sneaky ‘password’ password lurking in your account portfolio.
It is a simple solution to remember:
You know it. You know the formula and are fed up with being told the formula. You understand it is the solution to safeguarding your systems and information. Yet, the statistics say something else.
5 startling stats about passwords
- 44% of employees say they use the same password at home and at work.
- The National Cyber Security Centre found in breach data that 23.2 million victims of cyber-crime globally all used the same password: 123456
- 81% of security breaches, according to Verizon statistics, are due to poor password management.
- 3 in 10 UK businesses have no password policy
- The most common cause of cyber-attack is compromised credentials. It’s responsible for a huge 61% of malicious breaches.
The statistics show that there is something more to understand about passwords.
Currently, most businesses do not have passwords that are secure. Businesses are vulnerable to cyber-attack. Businesses and their employees keep repeating the practices they know they shouldn’t, and it looks like they are stuck in a loop with passwords.
Getting out of the loop
Many businesses worry that discussing passwords will sound patronising and insult the intelligence of their team. This is often particularly true if you employ a large percentage of Millennials and Gen Z. You may assume they are tech savvy and know how to create their own secure passwords. That assumption is, however, the first part of the cycle that needs to be broken.
What makes a secure password?
Educating yourself and your team about what makes a secure password is good business sense. A secure password is:
- A minimum of 20 characters long
- A random combination of letters, numbers and special characters
- Free of personal information or phrases that would be easy to guess, like your birthday or the name of the pet who is all over your Instagram page
- Not repeated across accounts
This may seem like a somewhat daunting and unrealistic proposition to implement for your team. Asking them to create and remember a password that meets these criteria for every account your business has – it’s a lot. You may be thinking that it is too much to expect your team to use and remember. Perhaps that is the reason why passwords pose such a problem.
What your team needs is an actionable way to create and maintain secure passwords. Positive, proactive wording and clear steps to follow are solutions you can easily implement as a business.
Have a password policy
A password policy removes the assumption of employee password knowledge from your business by providing a framework for password creation and use across all accounts. This strengthens your business’ security by closing the vulnerabilities in the passwords protecting your accounts.
Password policies provide a set of guidelines which your team must follow. It is an essential step to take so you can avoid being part of the 80% who attribute their data breaches to weak password security.
Figures like this lead to password policies sounding rather severe.
Example of a typical password policy
A typical password policy will often be phrased in the following style and include the following:
- Implementation of long passwords with a minimum length of 20 mixed numerical, upper and lower case and special characters
- Every account needs to have a new and unique password which meets the standard laid out in step 1
- Multi-factor authentication (MFA)
- Prohibition of the reuse of business passwords
- Prohibition of common words and phrases
- Update passwords often
- Team updates will be given regularly
These are all necessary and valid steps for creating a password policy. The steps are essential for good password hygiene, but they still present challenges.
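The secure-password criteria and the policy steps above can be checked and generated automatically, so the rules do not depend on each employee's memory. This is an added example, not code from the original article or from Keeper; the denylist of common words is a constructed stand-in for a real breached-password list, and the personal-information terms are supplied by the caller.

```python
"""Added example (not from the original article or Keeper): a checker and
generator for the secure-password criteria the policy above describes."""
import secrets
import string
from typing import Iterable, List

MIN_LENGTH = 20  # policy step 1: at least 20 characters
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Constructed denylist; a real deployment would use a breached/common-password list.
COMMON_WORDS = {"password", "123456", "12345", "qwerty", "asdfg", "letmein"}
CHAR_CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation]


def check_password(pw: str, personal_info: Iterable[str] = (),
                   existing: Iterable[str] = ()) -> List[str]:
    """Return the list of policy criteria the password fails (empty = OK)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    # Step 1 also asks for mixed case, digits and special characters.
    if not all(any(c in cls for c in pw) for cls in CHAR_CLASSES):
        failures.append("missing a letter case, digit or special character")
    lowered = pw.lower()
    # No personal information (birthday, pet name, ...), matched case-insensitively.
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            failures.append(f"contains personal information: {item!r}")
    # Prohibition of common words and phrases.
    if any(word in lowered for word in COMMON_WORDS):
        failures.append("contains a common word or phrase")
    # Every account gets a new, unique password: no reuse.
    if pw in set(existing):
        failures.append("reused across accounts")
    return failures


def generate_password(length: int = MIN_LENGTH) -> str:
    """Generate a random password with a CSPRNG (secrets, never random)."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Re-draw until the candidate passes every check above.
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    vault = {"mail": generate_password(), "crm": generate_password(24)}
    print(check_password("Fluffy2024!", ["Fluffy"], vault.values()))
```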
Password policy challenges
Password policies are a minefield of ‘do not’ statements and requirements, which in themselves create challenges for implementation and employee uptake. The challenges:
- They are negative and off-putting to implement
- There are a lot of steps to follow
- The employee is responsible for creating the passwords to meet policy criteria
- The employee is less likely to remember the passwords
- Where do you store the passwords?
The answer to these challenges is to implement a password manager together with a policy that replaces the ‘do not’ approach with realistic employee expectations.
Use a password manager as part of your password solution
A password manager is a system that stores all your passwords for you. It can be used to generate long passwords which do not use common words or phrases, and it stores all your passwords in one account. This means staff are only required to remember one password – the one to log into the password manager.
At Cirrus we recommend the use of a password manager to all our customers, and we are proud to partner with Keeper for password management. It is a system we use ourselves and have a wealth of knowledge and expertise in using.
A password manager is a secure way of managing passwords and when used in conjunction with a password policy and Multi-Factor Authentication (MFA), it adds value to your business.
Adding value to your business
A password manager solves the barriers businesses face when trying to implement the use of a good password policy into their cyber security protocols. Password managers add value to your password and cyber security strategy by:
- Generating strong passwords for you
- Storing all passwords securely
- Staff only need to remember one password
- Control over who has access to passwords and accounts
- Compliance with GDPR
- Reduce risk of cyber-attack
- Can be used in conjunction with MFA
A detailed look at the benefits
Now we have listed the benefits, let’s take a look at them in more detail to understand the true value a password manager brings to your business.
Generating strong passwords for you and your staff
The password manager can generate the passwords for your employees, saving their time and reducing their responsibility. It is more likely to be adopted when it takes only a few minutes to do. Staff will still have to be advised not to write the passwords down, though they will be harder to copy, as password managers are programmed to create long passwords with combinations of characters that are not easily remembered.
Storing all your passwords securely
All your passwords are in one convenient location. This removes the risk of staff storing passwords in plain sight on pieces of paper attached to their monitor. It also removes the risk of staff losing pieces of paper where passwords have been kept. The password manager eliminates the gaping vulnerability left by the innovative ways your employees choose to store their passwords for your systems.
Employees only need one password
One password means less to remember. This puts less responsibility on your employees and means they are more likely to remember their one long password.
Control over who has access to passwords and accounts
You can choose who has access to which accounts. With greater access control you keep the sensitive data you are responsible for storing safe, providing customers with greater reassurance. The last thing your business needs is a hack that a staff member is responsible for, either knowingly or unknowingly. By limiting access and knowing who has been given access you will be creating a robust security protocol for your business.
Compliance with GDPR
GDPR requires businesses to store data responsibly and securely. A password manager is both a responsible and a secure way to store data. Through managed access and stronger passwords, you are putting in place a solid defence system for your data.
Reduce risk of cyber-attack
Cyber-attacks are reduced through the use of strong passwords, as it takes hackers longer to break into accounts. If a hacker breaks into a password manager and you have limited each employee’s access to your business accounts, the hacker is less likely to fully compromise your entire business operation. The best way to prevent a hacker getting in is to add layers to your password protection by using MFA.
Can be used in conjunction with MFA
MFA adds extra layers of protection to your now robust password access policy within the password manager. Adding MFA to your password manager access process means that should your employees revert to storing their one password in an unsafe way and it becomes compromised, the hacker is still locked out. This is because the account is verified with more than just a password.
The benefits of a password manager, coupled with a positive approach to password management within your business, are key to implementing a solution to the password problem.
"The advance of technology is based on making it fit in so that you don't really even notice it, so it's part of everyday life."
Bill Gates, Former Microsoft CEO, Microsoft
Implement a “how to” policy
The guidance about passwords is often about what not to do, rather than what to do. This leaves you armed with lots of don’ts, but no ‘how to’. A ‘how to’ has a more proactive tone and can be branded to be part of your culture and part of your induction for new starters. It is a solution which fits in with your business, runs effectively and becomes part of your everyday business culture.
Did you know that positive reinforcement is proven to get better results faster, and that it leads to higher engagement from your team and better outcomes for your business?
A ‘how to’ use approach to password policy is educational and functional. Including guidance on how to use your password manager is necessary and helps to remove any awkwardness about explaining company password use to employees.
Asking employees to remember only one password for a password manager which uses other methods of authentication to maintain security provides the best solution to the password problem.
For more information about implementing a password policy in conjunction with using a password manager and MFA, why not drop a message here? One of our friendly team will be happy to have a chat to see how we can help your business.
Why not take a look at our most recent MFA article next: What is MFA? Why is it important?