80% of Data Breaches are Due to Weak Passwords. Here's the Solution


Tech Insights for Professionals: The latest thought leadership for IT pros

Friday, September 3, 2021

According to the World Economic Forum, 80% of breaches "are perpetrated from weak and stolen passwords". This is an avoidable statistic - but how can you protect your business in the fight against cybercrime?


If you work in any IT or cybersecurity role, you’ll be painfully aware of the threat that hacking poses to a business. With cyber criminals broadening their focus, targeting businesses of all sizes rather than just the big players, it’s more important than ever to protect your data with strong passwords.

What makes a strong password?

A strong password is one with high entropy, but most importantly, one that your employees can remember. These two factors don't tend to go hand in hand. A high entropy password can seem like a random string of letters, numbers and special characters, making it borderline impossible to remember without proper techniques. These expectations, paired with the hundreds of unique logins that users are faced with every day, can lead to lazy, poor password writing, leaving your business vulnerable.

Some common examples of poor passwords include:

  • 123456
  • biteme
  • letmein
  • password1
  • qwerty
  • password
  • admin
  • 12345
  • iloveyou
  • 123123

There are lots of strategies out there for generating and remembering high entropy passwords. One successful technique is as follows:

  • Take a line from a favorite book, TV show, song, nursery rhyme, or something memorable.
  • Take the initial letters from the words in the line and merge them.
  • Change some into numbers and other symbols, capitalize others.

Take for example, a line from a nursery rhyme:

"Twinkle twinkle little star how I wonder what you are, up above the world so high."

The 16 initials in this phrase are: ttlshiwwyauatwsh

Changing some letters to symbols and capitalizing others gives:


What’s created is a strong, reasonably uncrackable password, but repeating this process for the hundreds of passwords employees have at their fingertips is a huge expectation.
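The three steps above can be written out as a short Python sketch. This is an added example, not code from the article; the substitution map, function names and the character-pool entropy estimate are assumptions made for illustration.

```python
import math
import re
import secrets
import string

# The poor passwords listed in the article.
COMMON = {"123456", "biteme", "letmein", "password1", "qwerty",
          "password", "admin", "12345", "iloveyou", "123123"}

# Assumed look-alike substitutions; the article does not prescribe a mapping.
SUBS = {"a": "@", "i": "!", "s": "$", "l": "1", "t": "7", "h": "#"}


def initials(line):
    """Steps 1-2: merge the first letter of every word, lowercased."""
    return "".join(w[0].lower() for w in re.findall(r"[A-Za-z][A-Za-z']*", line))


def transform(letters, rng=secrets.SystemRandom()):
    """Step 3: per character, randomly substitute, capitalize, or keep."""
    out = []
    for ch in letters:
        options = [ch, ch.upper()]
        if ch in SUBS:
            options.append(SUBS[ch])
        out.append(rng.choice(options))
    return "".join(out)


def pool_entropy_bits(password):
    """Upper bound: length * log2(size of the character classes used)."""
    pool = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation):
        if any(c in cls for c in password):
            pool += len(cls)
    return len(password) * math.log2(pool) if pool else 0.0


def is_common(password):
    """True if the password is on the article's list of poor passwords."""
    return password.lower() in COMMON


if __name__ == "__main__":
    line = ("Twinkle twinkle little star how I wonder what you are, "
            "up above the world so high.")
    base = initials(line)
    candidate = transform(base)  # differs on every run
    for pw in (base, candidate, "qwerty"):
        print(f"{pw!r}: {pool_entropy_bits(pw):.1f} bits, common={is_common(pw)}")
```

The bit count is an upper bound that treats every character as drawn uniformly from the classes in use; a password derived from a widely known line carries less entropy than this figure suggests.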

To put it simply, everyone knows what a good password is supposed to look like - a long string of digits with no perceivable correlation to one another. But this isn't practical. With the hundreds of logins that an individual in today's society must remember, how can you expect your staff to take on that mental burden and consistently produce unique and high-security passwords?

You don't have to. With a password manager, you can lift the weight off of your employees' shoulders.

How can a password manager help you improve security?

Employees are expected to juggle more online accounts than they could possibly recall. It can sometimes seem like an inhuman feat for an individual to manage, remembering hundreds of unique codes, all with no relation to each other. This is where a password manager can step in.

A password manager is a tool that does the work of formulating, remembering and filling in passwords, reducing employees' mental load and ensuring utmost security. It’s easily accessible and updated constantly. When an employee logs in to an online account for the first time, a password manager will safely store their username and password, so every time they go back to that site, their credentials will be filled in automatically.

Why should you embrace a Single Sign-On (SSO) solution?

With SSO, employees can access applications with one set of login credentials, based on their identity and permissions. This saves them from the burden of memorizing multiple strong passwords and provides your business with an added layer of security.

This approach to authorization relies on Security Assertion Markup Language (SAML), a secure, behind-the-scenes protocol, meaning employees can use apps across cloud, mobile, legacy and on-premise formats, depending on their status.

With the rise of hybrid work environments, employers are allowing employees more freedom over where they work. Using an SSO ensures synchronicity and will enable employees to access company information on-demand via fast and straightforward tools.

SSO and password managers can be your business's first line of defense against a cyber attack, facilitating a more secure work environment, aiding in the fight against cybercrime, allowing you to carry out business as usual.
