{"id":24417,"date":"2025-09-09T07:00:02","date_gmt":"2025-09-09T05:00:02","guid":{"rendered":"https:\/\/cyberinsights.iainfraser.net\/?p=24417"},"modified":"2025-09-11T10:15:56","modified_gmt":"2025-09-11T08:15:56","slug":"password-hygeine-in-2025","status":"publish","type":"post","link":"https:\/\/smecyberinsights.co.uk\/index.php\/2025\/09\/09\/password-hygeine-in-2025\/","title":{"rendered":"Password Hygiene in 2025: Why SMEs Can’t Afford to Ignore this & Why MFA is the minimum protocol"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t<\/a>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"Partners1_NordVPN\"<\/figure><\/div>
\"Partners3_R3\"<\/figure><\/div>
\"Partners2_Zoho\"<\/figure><\/div>
\"Partners4_Plesk\"<\/figure><\/div>
\"Partners4_Ensurety\"<\/figure><\/div>
\"Partners7_Passware\"<\/figure><\/div>
\"Red_Button_Slider\"<\/figure><\/div>
\"ogo2\"<\/figure><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\"Password\t\t\t\t\t\t\t\t\t\t\t
Image Credit: Freepik<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\"nordvpn\"<\/a>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Helping Keep Small Business CYBERSafe!
\n<\/strong>Gibraltar: Tuesday 09 September 2025 at 08:00 CET<\/p>\n

Password Hygiene in 2025: Why SMEs Can’t Afford to Ignore this & Why MFA is the minimum protocol
\n<\/strong>By: Iain Fraser<\/a> – Cybersecurity Journalist<\/a>
\nPublished in Collaboration with: Nord Pass<\/a>
\nSMECyberInsights.co.uk<\/a> –\u00a0<\/a>First for SME Cybersecurity
\n<\/a>Google Indexed on 090925 at 09:30 CET<\/a>
\n#SMECyberInsights\u00a0 #SMECyberAwareness\u00a0 #CyberSafe #SME #SmallBusiness #MFA #PasswordHygiene #BestPractice<\/em><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Password Hygiene in 2025: Why SMEs Can’t Afford to Ignore this & Why MFA is the minimum protocol<\/strong><\/p>\n

The question isn’t whether password hygiene has improved \u2013 it’s whether businesses can survive another year pretending it has. Despite decades of cybersecurity awareness campaigns, password education, and high-profile breaches making headlines, the uncomfortable truth remains: weak passwords are still bringing down companies in 2025, and SMEs<\/strong><\/a> are particularly vulnerable.<\/p>\n

The Sobering Statistics<\/strong><\/p>\n

Recent industry research paints a disturbing picture. 87% of breaches this year were due to identity vulnerabilities, whilst the Verizon 2025 Data Breach Investigations Report reveals that 60% of breaches involve a human element, such as compromised user credentials or phishing<\/strong><\/a>. For SME<\/strong><\/a> owners, these aren’t just statistics \u2013 they represent potential business extinction events.<\/p>\n

The human factor remains the weakest link. 1Password found that 61% of employees reuse passwords, while 28% do “nothing special” to manage or secure their passwords. Perhaps most alarmingly, even when they knew a password was breached, 9% still took no action to improve it.<\/p>\n

For smaller businesses operating on tight margins, this complacency carries devastating financial implications. The average breach cost has reached $4.88 million \u2013 a figure that would bankrupt most SMEs<\/strong><\/a> overnight.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\"Passwords\t\t\t\t\t\t\t\t\t\t\t
Image Credit: Freepik<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Why Traditional Password Policies Have Failed SMEs<\/strong><\/p>\n

SMEs<\/strong><\/a> face unique challenges that make traditional password hygiene approaches particularly ineffective. Unlike enterprise organisations with dedicated IT security teams, SMEs<\/strong><\/a> often rely on generic password policies that employees find cumbersome and eventually circumvent.<\/p>\n

The fundamental problem isn’t employee laziness \u2013 it’s cognitive overload. Modern workers juggle dozens of accounts across multiple platforms. Expecting them to remember complex, unique passwords for each system is unrealistic, especially when 47% of Americans forget passwords several times per month.<\/p>\n

Traditional approaches like mandatory password changes every 90 days have proven counterproductive, often leading to weaker passwords and increased help desk calls \u2013 resources SMEs<\/strong><\/a> can ill afford to waste.<\/p>\n

The Passwordless Revolution: Finally, Within SME Reach<\/strong><\/p>\n

The solution isn’t better passwords \u2013 it’s eliminating them entirely. Passwordless authentication represents the most significant shift in business security since the advent of firewalls, and it’s no longer exclusively for enterprise giants.<\/p>\n

Experts predict that more than half of the workforce and over 20% of customer authentication transactions will be Passwordless by 2025 \u2013 a massive increase that reflects both technological maturity and business necessity.<\/p>\n

For SMEs<\/strong><\/a>, Passwordless authentication offers compelling advantages: reduced help desk calls, improved user experience, enhanced security, and elimination of password-related breaches. Technologies like biometric authentication, hardware tokens, and mobile-based authentication apps have become affordable and user-friendly.<\/p>\n

\ufeff<\/span><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tLearn More\/...<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"CYBERInsights\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
Image Credit: IfOnlyCommunications<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\"nordvpn\"<\/a>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

UK Small Business Owner? Join SMECyber Free Now! & Access the SME Cyber Forum – Read, Learn, Engage, Share …<\/h4>\n

The Latest SME<\/strong> Cybersecurity News, Threat Intelligence & Analysis, Timely Scam Alerts, Best-practice Compliance, Mitigation & Resources specifically curated for UK Based SMEs<\/strong> in a Single Weekly Email direct to your Inbox or Smart Device together with Unrestricted Free Access to our entire SME<\/strong> Cyber Knowledge & Tutorial Library.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tLearn More \/...<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"There's\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

NordPass: Powerful, Simple Password Security for UK SMEs <\/strong>Cyber threats are rising \u2014 and weak, reused, or shared passwords remain one of the easiest ways for criminals to break into your business. NordPass<\/a><\/strong> is a trusted password manager built by the cybersecurity experts behind NordVPN. It helps individuals and small businesses protect access to emails, systems, customer data, and accounts \u2014 all with minimal effort and maximum peace of mind. Start your NordPass Business trial today here<\/a><\/strong><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tLearn More \/...<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"Data<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>
\"CI_Feature<\/figure><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t<\/div>\n\t\t\t\t\t
\n\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Image Credit: Freepik Image Credit: Freepik Learn More\/… Image Credit: IfOnlyCommunications Learn More \/… Learn…<\/p>\n","protected":false},"author":1,"featured_media":24418,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"cybocfi_hide_featured_image":"yes","footnotes":""},"categories":[586],"tags":[588,556],"ppma_author":[505],"class_list":["post-24417","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practice-advice","tag-bestpractice","tag-mfa"],"featured_image_urls":{"full":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/08\/Passwords-Freepik.jpg",1430,954,false],"thumbnail":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/08\/Passwords-Freepik-150x150.jpg",150,150,true],"medium":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/08\/Passwords-Freepik-300x200.jpg",300,200,true],"medium_large":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/08\/Passwords-Freepik-768x512.jpg",640,427,true],"large":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/08\/Passwords-Freepik-1024x683.jpg",640,427,true],"1536x1536":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/08\/Passwords-Freepik.jpg",1430,954,false],"2048x2048":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/08\/Passwords-Freepik.jpg",1430,954,false],"covernews-featured":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/08\/Passwords-Freepik-1024x683.jpg",1024,683,true],"covernews-medium":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2025\/08\/Passwords-Freepik-540x340.jpg",540,340,true]},"author_info":{"display_name":"Cybersecurity Journalist Iain Fraser","author_link":false},"category_info":"BEST PRACTICE ADVICE<\/a>","tag_info":"BEST PRACTICE ADVICE","comment_count":"0","authors":[{"term_id":505,"user_id":1,"is_guest":0,"slug":"admin_yjdstq4n","display_name":"Cybersecurity Journalist Iain Fraser","avatar_url":{"url":"https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/10\/index_image440-removebg-preview.png","url2x":"https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/10\/index_image440-removebg-preview.png"},"0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/24417","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=24417"}],"version-history":[{"count":28,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/24417\/revisions"}],"predecessor-version":[{"id":24703,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/24417\/revisions\/24703"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/media\/24418"}],"wp:attachment":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=24417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=24417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=24417"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/ppma_author?post=24417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}