Safer Internet Day – getting serious with passwords | Specops Software


To help security leaders and organisations on Safer Internet Day, Darren James, Senior Product Manager and cyber security expert at Specops Software, has penned a piece with some advice.

“To celebrate Safer Internet Day (SID) on February 11 and raise further awareness around promoting the safe and positive use of digital technology for the theme “Together for a better Internet”, we’ve decided to focus on a critical element within security that many people will be familiar with but seemingly don’t give due attention: passwords.

“For the modern person, our daily lives largely involve the internet, whether that be online banking, connecting with friends and family on social media, checking email, shopping for groceries, and so on.

“Access to all of these services requires a login and a password. Now, you may think users are using strong, unbreakable, long passwords, not least because many sites now mandate passwords to meet certain requirements.

“After all, passwords are often all that separates the outside world from gaining entry to our sensitive information.

“However, this isn’t the case as many people are still either not changing the default password or using generic, easy-to-crack credentials instead. Speaking plainly, most of us are guilty of using lazy passwords, or reusing credentials at some point in our lives.

“This poor display of security behaviour is very visible in the working world and our recent findings in the 2025 Breached Password Report only highlight the critical importance of SID’s mission in improving cybersecurity habits for everyone.

“The password “123456” was the most frequently compromised, appearing in more than 1.4 million leaked credentials. Alarmingly, among the 1.8 million breached administrator credentials, 40,000 admin portal accounts used “admin” as the password, highlighting that even IT professionals may not be prioritising security.

“Over a 12-month period, more than one billion credentials and passwords were stolen through malware attacks. This alarming statistic underscores the need for robust cybersecurity measures and increased awareness about online threats.

“One of the key findings is that 230 million of the stolen passwords met common complexity requirements (over eight characters, including uppercase letters, numbers, and special characters).

“This indicates that adhering to standard password policies alone is insufficient to protect against sophisticated attacks.

“With breaches often costing companies millions for each incident, the cost of lazy passwords could be seriously detrimental to any business.

“The stats highlight the brutal truth that relying on end users to maintain strong password security is a losing battle. Even with cybersecurity training and strict password policies, human error remains the weakest link.

“Security professionals must take a proactive approach (that does not rely on end users) by implementing robust security measures – such as multi-factor authentication (MFA) and password managers – rather than assuming awareness alone will keep systems secure.

“Enhancing password security is crucial for protecting organisations against cyber threats. Here are five key tips to strengthen your organisation’s password practices:

Train Employees on Secure Password Practices

“Educate staff on password security risks, such as weak storage methods and easily guessed passwords. Ultimately, we want to help users by providing detailed, local language feedback when they set or change their passwords.

Enforce Strong Password Policies

“We want to encourage the use of longer passphrases, using memorable words so that users are less likely to write them down. Policies can include increased password expiry time, but to avoid users incrementing the same password, organisations must continuously check the password and require it to be changed if it becomes breached.

“Furthermore, certain departments or individuals may require specific password policies for compliance requirements, so this needs to be accounted for.

Defend Against Brute-Force Attacks

“Protect accounts by locking them after multiple failed login attempts and blocking suspicious IP addresses. Configure these settings in Active Directory and other security systems.

“Organisations can start by blocking easy-to-guess passwords that might relate to the company or business.

First-Day Password & Promptly Deactivate Departing Employee Accounts

“When a new employee joins, having a “First Day Password” security capability will enable the user to securely set their initial password, eliminating the need for IT to share temporary credentials and reducing onboarding security risks.

“Moreover, when an employee leaves the company, immediately disabling accounts will prevent unauthorised access. Updating shared passwords will also minimise security risks.

Implement Multi-Factor Authentication (MFA)

“Strengthen security by requiring multiple verification steps, ensuring access is not solely dependent on passwords.

“With Safer Internet Day 2025, we can’t let another year pass and not take the required action. It’s imperative to reflect on these findings and take proactive steps to safeguard our digital lives.

“By working together, we can create a more secure and trustworthy internet for all. Furthermore, by adopting these strategies, your organisation can significantly improve its password security posture and reduce the likelihood of breaches related to compromised credentials.”
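Two points in the piece above lend themselves to a concrete check: the finding that 230 million breached passwords still met the usual complexity rule, and the advice to block passwords that relate to the company. The following is an added example (not Specops code and not part of Darren James's piece) of a policy check that applies the complexity rule, a breached-password lookup and a company-term filter together; the breached list, the company names and the leetspeak table are constructed for illustration.

```python
import hashlib
import re
from typing import List

# Complexity rule as quoted in the report: over eight characters, with an
# uppercase letter, a digit and a special character.
def meets_complexity(password: str) -> bool:
    return (len(password) > 8
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)

# Constructed stand-in for a breached-password list, held as SHA-1 digests so
# the plaintexts never sit on disk. The entries are illustrative only.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("123456", "admin", "Summer2024!", "P@ssw0rd1", "Welcome123!")
}

# Company-related words an organisation might block (assumed example names).
COMPANY_TERMS = ("acmecorp", "acme", "widgets")

# Common letter-for-symbol swaps, undone before matching company terms.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def normalise(password: str) -> str:
    """Lower-case and undo leetspeak so 'Acm3C0rp' still matches 'acmecorp'."""
    return password.lower().translate(LEET)

def is_breached(password: str) -> bool:
    return hashlib.sha1(password.encode()).hexdigest() in BREACHED_SHA1

def company_term_found(password: str) -> bool:
    norm = normalise(password)
    return any(term in norm for term in COMPANY_TERMS)

def evaluate(password: str) -> List[str]:
    """Return the reasons a password should be rejected; empty means accepted."""
    reasons = []
    if not meets_complexity(password):
        reasons.append("fails complexity rule")
    if is_breached(password):
        reasons.append("appears in breached-password list")
    if company_term_found(password):
        reasons.append("contains a company-related term")
    return reasons

if __name__ == "__main__":
    for pw in ("Summer2024!", "Acm3C0rp!!", "123456", "correct horse battery Staple 9!"):
        print(pw, "->", evaluate(pw) or ["accepted"])
```

Note that "Summer2024!" satisfies every complexity rule yet is rejected only because of the breach lookup, which is the gap the report's 230 million figure describes.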
