
How stronger passwords can protect your company from cyber security risks

25th August 2017 by Alex Bateman in Virtual College. Last updated on 24th April 2018.

Secure passwords, generators and managers

In the increasingly complex world of modern business cyber security, the humble password has become one of the simplest - yet also most important - tools for keeping data thieves and attackers at bay.

As technology evolves, the various services and tools that companies use to manage and safeguard their valuable data are growing ever more sophisticated - and yet all it takes to give cyber criminals free access to all of this crucial information is a weak or easily-guessed password.

However, despite the critical importance of strong passwords as a means of safeguarding company data, it remains all too common for business owners and employees alike to fail to follow best practice guidelines when it comes to selecting a strong password. Given that data security has become more central to the success or failure of a business, it's about time that companies take the necessary steps to make sure their workers are taking this issue seriously.

What are the most common passwords?

The troubling trend of weak passwords was highlighted by a report compiled earlier this year by Keeper Security, which analysed ten million passwords used across a variety of data breaches that occurred in 2016 - revealing just how many users are putting their own security at risk.

The most common password on the list was 123456, an incredibly weak and simplistic password that was nevertheless utilised by 17 per cent of the accounts analysed in this study. The remainder of the top ten was populated by equally flimsy passwords, including 123456789, qwerty, 12345678, 111111, 1234567890, 1234567, password, 123123 and 987654321.

Keeper Security's analysis noted that four of the top ten most common passwords are only six characters or shorter in length, while the top 25 passwords of 2016 were shown to account for more than 50 per cent of the ten million analysed in this study.

Why do weak passwords pose such a risk?

In a sense, it's understandable that many people prioritise ease of recollection when selecting passwords, in an era where most individuals are juggling dozens - or even hundreds - of password-protected accounts at any given time. However, that does nothing to detract from the extreme security risk this habit can pose, especially when it comes to accessing sensitive corporate systems.

Modern cyber criminals often have access to brute-force cracking software and hardware, utilising dictionary-based algorithms that can crack short passwords based on sequential key variations in a matter of seconds. However, even in cases where these kinds of tools are not available, passwords such as "123456" or "password" are so common that they can simply be guessed with no expertise whatsoever.

Once a criminal has access to a business-critical system, there's no estimating the amount of practical or reputational damage they can do, so it's essential that managers do everything in their power to make sure their organisation isn't falling short on this most basic of cyber security challenges.

What can businesses do to address this issue?

Keeper Security's report noted that the list of the most-frequently used passwords has changed very little over the past few years, despite high-profile efforts to raise awareness of the associated risks.

For businesses, this means being aware that many workers are always going to have a lax approach to password security without sufficient motivation to change. As such, companies should be looking to enshrine the importance of secure passwords as a crucial pillar of their cyber security training, with regular reminders of the necessity of following key guidelines to ensure better protection.

For example, staff should be reminded to opt for longer passwords that incorporate a variety of numerical, uppercase, lowercase and special characters wherever possible, and to avoid common passwords that rely on sequential key variations that may be vulnerable to brute force attacks. It may also be worth investing in technology such as password managers that can generate strong, unique passwords automatically, while also simplifying the process of storing and managing this information.
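The guidance above can be enforced when a password is set rather than left to reminders. The following is an added example, not code from the article or from Keeper Security: it rejects the ten passwords listed above, short passwords, sequential key runs and low character variety, and generates a random password the way a password manager would. The thresholds (`MIN_LENGTH`, `MAX_KEY_RUN`, three character classes) and all function names are assumptions chosen for illustration.

```python
import secrets
import string

# Top ten from the article (Keeper Security's analysis of 2016 breaches).
COMMON = {"123456", "123456789", "qwerty", "12345678", "111111",
          "1234567890", "1234567", "password", "123123", "987654321"}
# Key rows along which "sequential key variations" run, plus the alphabet.
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            string.ascii_lowercase)
MIN_LENGTH = 12   # assumed threshold; the article only says "longer"
MAX_KEY_RUN = 3   # assumed: four or more neighbouring keys in a row is rejected
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def longest_key_run(pw):
    """Longest run of neighbouring keys typed in one direction."""
    pw = pw.lower()
    best = run = min(len(pw), 1)
    prev = 0
    for a, b in zip(pw, pw[1:]):
        step = 0
        for row in KEY_ROWS:
            i, j = row.find(a), row.find(b)
            if i >= 0 and j >= 0 and abs(j - i) == 1:
                step = j - i          # +1 forwards, -1 backwards
                break
        run = run + 1 if step and step == prev else (2 if step else 1)
        prev = step
        best = max(best, run)
    return best


def check_password(pw):
    """Return the reasons a candidate is rejected (empty list = accepted)."""
    classes = sum(any(test(c) for c in pw) for test in
                  (str.islower, str.isupper, str.isdigit,
                   lambda c: c in string.punctuation))
    rules = (("common", pw.lower() in COMMON),
             ("short", len(pw) < MIN_LENGTH),
             ("key-run", longest_key_run(pw) > MAX_KEY_RUN),
             ("low-variety", classes < 3))
    return [name for name, failed in rules if failed]


def generate_password(length=20):
    """Random password from the OS CSPRNG; retried until it passes the checks."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw
```

A candidate such as `Qwertyuiop123!` satisfies the length and character-variety rules yet is still rejected for its keyboard run, which is why the sequence check is kept separate from the complexity check.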

In doing so, businesses can make sure they are not falling into one of the most easily-avoided cyber security pitfalls, while empowering staff to make a contribution to better data protection for only a small investment of time, effort and diligence.

Summary: Using common passwords can compromise a business's entire cyber security strategy, which is why it's important for companies to make sure their staff are aware of the need to take this issue seriously.

Most common passwords of 2016


Author: Alex Bateman

Alex is interested in the strategic application of learning and development. In particular how organisations can promote engagement with ongoing learning campaigns. He spends his spare time renovating his Victorian house. Ask him about his floors, I dare you.
