National Password Day: Are Your Passwords Strong Enough?

Every year, the list of the most common passwords circulates on the internet, and every year, it’s just as concerning. People are still using “123456” and “password” like it’s 1999. Meanwhile, cybercriminals don’t need cutting-edge hacking tools when people hand them the keys.

Research shows that 40% of passwords used by corporate employees are identical to common ones used by everyday internet users. In other words, simple passwords that people rely on for social media and shopping accounts also protect company data. That’s like locking the front door but leaving all the windows wide open.

MSPs can only do so much to help protect businesses from cyberattacks. Employees play a major role in cybersecurity, and password security is often overlooked. 

This is why National Password Day (May 2) exists—to remind everyone that strong passwords aren’t optional. Just one weak password can open the door to data breaches, financial losses, and plenty of headaches. 

So, in honor of National Password Day, let’s talk about what makes a strong password, why password managers should be a standard business tool, and how companies can tighten security across the board.

The Password Security Checklist: Is Yours Strong Enough?

Most people assume their passwords are “good enough.” But they aren’t. A secure password needs to be long, unpredictable, and unique. Here’s what that actually means:

  • Length matters. A password should be at least 12–16 characters. Shorter passwords are easier to crack.
  • Complexity counts. Combining uppercase and lowercase letters, numbers, and symbols makes guessing harder.
  • Predictability is a problem. Birthdays, locations, pet names, and favorite sports teams are bad choices. If it’s easy to remember, it’s probably easy to guess.
  • Recycling is risky. If the same password is used across multiple accounts, one leak puts everything at risk.
  • Passphrases beat single words. A random string of words, such as “desk-lamp-marathon-cookie,” creates a long, strong password that’s easier to recall than a jumble of characters.

For businesses, these rules need to be more than guidelines. They should be enforced company-wide. Employees won’t take security seriously if the company doesn’t, either.
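
One way a business could turn the checklist above into an enforced check, as an added example that is not part of the original article. The function names, the three-of-four character-class rule, the four-word passphrase rule, and the small COMMON and WORDS lists are assumptions constructed for illustration.

```python
import re
import secrets

MIN_LENGTH = 12  # lower bound of the 12-16 character range in the checklist
# Constructed sample; a real deployment loads a large breached/common list.
COMMON = {"123456", "password", "qwerty", "letmein", "password123456"}
# Constructed sample word list; real generators use thousands of words.
WORDS = ["desk", "lamp", "marathon", "cookie", "harbor", "violin",
         "pepper", "glacier", "tunnel", "ribbon", "saddle", "orbit"]

def check_password(password, personal_terms=()):
    """Return a list of checklist failures; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if lowered in COMMON:
        problems.append("common password")
    # Predictability: birthdays, pet names, teams supplied by the caller.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal term: {term}")
    # Complexity: count lowercase, uppercase, digit and symbol classes.
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    # Passphrase alternative: four or more distinct separated words.
    words = [w for w in re.split(r"[-_ ]", password) if w]
    is_passphrase = len(words) >= 4 and len(set(words)) == len(words)
    if classes < 3 and not is_passphrase:
        problems.append("needs more character types or a 4+ word passphrase")
    return problems

def generate_passphrase(n_words=4, sep="-"):
    """Build a passphrase from distinct words chosen with a CSPRNG."""
    pool = list(WORDS)
    chosen = []
    for _ in range(n_words):
        chosen.append(pool.pop(secrets.randbelow(len(pool))))
    return sep.join(chosen)

if __name__ == "__main__":
    for candidate in ("123456", "Rex2015!Rex2015", "desk-lamp-marathon-cookie"):
        print(candidate, "->", check_password(candidate, ["Rex", "2015"]) or "ok")
    print("generated:", generate_passphrase())
```

The reuse rule is not checked here because it requires comparing across accounts, which is the job of a password manager rather than a single-password validator.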

Stay Alert for Compromise

It used to be common practice to change passwords every few months, based on the idea that it reduced long-term risk. But we now know that frequent, scheduled changes don’t do much to improve security and can sometimes make things worse.

Instead of changing passwords every few months on a schedule, focus on updating them when there’s a real reason to. That includes if:

  • You suspect a breach
  • You accidentally shared a password
  • You’ve reused the same password in multiple places
  • You’re using an account with elevated privileges (like admin or financial access)

For most users, sticking with a strong, unique password and enabling multi-factor authentication (MFA) is far more secure than frequent password changes. 

Be Careful with Security Questions

Security questions are often used as an additional layer of security for password recovery. However, they can be easily guessed or found on social media and other online sources.

To increase the security of your accounts, choose unique and difficult answers to security questions. Avoid using common information such as your mother’s maiden name or your pet’s name. If your friends could easily guess the answer, it is not secure enough.

Avoid Sharing Passwords

Sharing passwords with others, even close family or friends, is never a good idea. Not only does this compromise the security of your account, but it also puts trust in someone else to keep your information safe. If that person’s device or account is hacked, your password could potentially be exposed as well.

The Case for Password Managers

People are generally pretty bad at passwords. They make them too simple, reuse them across sites, or forget them altogether. That’s why password managers (like Keeper) exist—to eliminate the guesswork.

A password manager generates, stores, and auto-fills complex passwords so users don’t have to remember anything beyond a single master password. For businesses, this means employees aren’t using sticky notes, spreadsheets, or whatever their go-to easy-to-remember phrase is.

But convenience isn’t the only selling point. Password managers also:

  • Stop password reuse. Employees no longer need to recycle the same login across multiple sites.
  • Secure passwords with encryption. Even if a hacker gets into the system, the passwords remain protected.
  • Work across devices. Whether an employee logs in from a laptop, phone, or tablet, passwords stay accessible but secure.
  • Provide admin control. Businesses can set password policies, revoke access when employees leave, and monitor security risks.

The most common reason people resist using a password manager is that they think it’s complicated. But resetting a dozen hacked accounts after a breach is much more complicated.

No One Can Afford to Ignore Password Security

Hackers don’t need sophisticated tactics when weak passwords do the work for them. And businesses that assume they’re too small to be targeted are playing a dangerous game. A single compromised password can lead to data breaches, financial loss, and reputational damage.

National Password Day reminds us that strong security isn’t just about individual habits—it’s about company-wide policies that prevent problems before they happen. Businesses that take passwords seriously don’t just avoid breaches; they build a culture where security is part of the foundation.
