Be honest. Do you still have at least one password that looks like “12345” or “password123”?
If so, you’re not alone.
But that doesn’t mean it’s OK.
Despite years of warnings from IT experts (people like me), weak passwords are still everywhere. And that’s a real problem. Because they’re one of the easiest ways for cybercriminals to break into your business systems.
You’d be amazed how many companies are still using passwords that can be cracked in less than a second.
Recent research found that the most common business password is still “123456”.
Right behind it? “123456789”, “password”, and even the ever popular “qwerty123”.
These aren’t just lazy choices. They’re open doors for hackers.
What’s worse, it’s not just huge enterprises that are getting this wrong. SMBs are guilty too. And they’re often hit harder when things go wrong, because they don’t always have the same resources to recover.
A single stolen password can let an attacker access your email, files, financial systems, or even customer data.
The damage? It can be serious. Both financially and to your reputation.
You might think, “But we don’t have anything worth stealing.” Trust me, you do. Even if you’re a team of five, your accounts, client data, and communications are all valuable targets. Cybercriminals don’t discriminate. They go for easy wins. And weak passwords are the easiest win there is.
Now here’s the kicker: Even if you’re not using “123456”, that doesn’t necessarily mean your passwords are secure. The research also found people using their own email address or their name as a password (eye roll). Some even used phrases like “iloveyou”.
It’s all very sweet… until a cybercriminal uses it to get into your systems.
So… what can you do to protect your business?
Start by making sure everyone uses strong, unique randomly generated passwords. That means longer phrases with a mix of letters, numbers, and symbols. Nothing predictable.
Nobody wants to remember 30 complex passwords. That’s where a password manager comes in. It can create super strong passwords for every login and store them securely, so your team doesn’t have to rely on memory (or sticky notes).
Better still, consider enabling two-factor authentication. That’s the thing where you get a code on your phone or app when logging in. Even if someone does steal a password, they can’t get in without that second code. It’s one of the easiest and most effective ways to add a layer of protection.
And if you want to future-proof your security, look at passkeys. These are a new way to log in without traditional passwords at all. Using biometrics like fingerprint or facial recognition, or secure device-based authentication. It’s safer and simpler, and it’s quickly becoming the new standard.
At the end of the day, strong passwords -or better, password alternatives -are your first line of defense. Don’t wait for a security scare to take them seriously. If your team is still using “abc123”, now’s the time for a change.
Need a hand reviewing your password policy or setting up a secure login system for your team? My team and I would love to help. Get in touch.