Password Security Failures: A Wake-Up Call

July 23rd 2025

The High Cost of Weak Passwords

Password security isn’t just a tech buzzword – it’s now a matter of national importance. In recent weeks three key stories have highlighted just how fragile our digital defences have become:

  1. A 158‑year‑old firm brought down by poor password practices – One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work. (BBC)
  2. M&S hit by ransomware after a successful social-engineering scam – Hackers posed as trustworthy individuals to trick a third-party supplier into revealing login credentials, giving them access to M&S systems. (BBC)
  3. 19 billion passwords leaked online over the past year – A Cybernews analysis showed only 6% were unique; a staggering 94% were reused across multiple services. (Forbes)

Together, these stories form a chilling trifecta: large organisations are falling because of trivial mistakes, and millions of us still rely on woefully weak passwords.

Practical Tips for Password Security

Use Strong Passwords

Millions of individuals are still using simple, easy-to-guess passwords like “123456”, “Qwerty” and “Password”. A strong password is at least 12 characters long and mixes upper- and lower-case letters, numbers and symbols. Alternatively, use a passphrase of 12–16+ characters, e.g. SunnySaturdayCycle2025. Length does more for you than symbol-juggling: every extra character multiplies the work an attacker has to do, whereas something like “Password1!” satisfies most complexity rules and is still guessed in seconds.

Don’t Reuse Passwords

Reusing even one password across services means a breach at any one of them hands attackers a working login for the rest. Criminals automate this – trying leaked email/password pairs against hundreds of other sites – so a password leaked from a forgotten forum can open your email or banking.

Consider a Password Manager

Invest in a Password Manager that can generate and securely store strong, unique passwords, so you don’t have to remember them all.

Enable Multifactor Authentication Everywhere

If a system or platform offers multifactor authentication, switch it on! Disappointingly, this is the one I see the most pushback on when I’m working with organisations. Many breaches succeed via compromised passwords. A second factor – like an app code, text, or hardware key – can stop unauthorised access in its tracks. A hardware key or authenticator app is preferable to a text message, which can be diverted by SIM swapping, but any of them beats nothing. If a system offers it, please turn it on.

Encrypt Shared Data

If you must send personal or sensitive documents (e.g., customer mailing list, employee data, financial files) over email, encrypt the file with a tool that uses modern encryption (AES-256, as in a password-protected 7z or a modern office document), not legacy ZIP password protection, which can be broken offline. Share the password or decryption key by another secure route, such as by phone – never in the same email, and not in a follow-up email either.

Thwart Social Engineering

Train staff to spot phishing and cold-call tricks. The M&S breach began with a simple social-engineering play against a supplier. Teach staff never to hand over logins or passwords in response to unsolicited requests, and make it normal to hang up and call back on a known number before acting on any request to reset or share credentials.

What Should Organisations Do?

  • Enforce password length (min. 12–16 characters) and block known-bad passwords, including anything that appears in published breach lists.
  • Roll out 2FA/MFA across all accounts, especially admin and cloud services.
  • Provide a password manager for staff and encourage its use.
  • Deliver regular training on social-engineering and phishing attacks.
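As an added example (not code from the original post), here is a small Python policy check covering the first bullet: a minimum length, a blocklist of common passwords (with the “2025!” suffix people bolt on stripped before comparing), a breach-corpus lookup done hash-prefix style so the full hash never has to leave the client, and a check that the password does not embed the account name. The blocklist and the breach corpus are constructed for the demo; the prefix lookup mirrors how the Have I Been Pwned “Pwned Passwords” range API is queried, but nothing here touches the network.

```python
"""Password policy check: minimum length, common-password blocklist,
breach-corpus lookup and account-detail check.

Added example for this post, not production code. The blocklist and
breach corpus are constructed samples; a real deployment loads a full
breach list or queries a range API instead.
"""
import hashlib
import re
import unicodedata

MIN_LENGTH = 12

# Constructed sample blocklist; a real one is the top-N list from breach dumps.
COMMON_PASSWORDS = {"123456", "qwerty", "password", "letmein", "iloveyou", "admin"}


def _normalise(password: str) -> str:
    # NFKC so visually identical Unicode forms compare equal (and combining
    # characters cannot inflate the apparent length).
    return unicodedata.normalize("NFKC", password)


def _base_form(password: str) -> str:
    # Strip the "1", "123!" or "2025" people append to satisfy complexity
    # rules, so "Password2025!" still matches the "password" blocklist entry.
    return re.sub(r"[\d\W_]+$", "", password.lower())


def sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed "breach corpus": SHA-1 digests of leaked passwords, stored the
# way the Pwned Passwords data is published (uppercase hex). Three entries
# stand in for the hundreds of millions a real list holds.
BREACHED_SHA1 = {sha1_upper(p) for p in ("P@ssw0rd2025", "Welcome1234", "Summer2024!")}


def range_query(prefix: str) -> set[str]:
    """Stand-in for a k-anonymity range lookup: given the first 5 hex chars of
    a hash, return the suffixes of every breached hash sharing that prefix.
    Only the prefix is ever sent; the comparison happens on the client."""
    return {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix)}


def is_breached(password: str) -> bool:
    digest = sha1_upper(password)
    return digest[5:] in range_query(digest[:5])


def check_password(password: str, account_terms=()) -> list[str]:
    """Return the list of policy violations; an empty list means accepted."""
    password = _normalise(password)
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS or _base_form(password) in COMMON_PASSWORDS:
        problems.append("on the common-password blocklist")
    if is_breached(password):
        problems.append("appears in a known breach corpus")
    for term in account_terms:  # e.g. username, company name, email local part
        if term and term.lower() in password.lower():
            problems.append(f"contains account detail {term!r}")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Password2025!", "P@ssw0rd2025", "SunnySaturdayCycle2025"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

The breach check hashes with SHA-1 only because that is the format the published breach lists use for lookup; it is not how you should store your own users' passwords (use a slow, salted hash such as bcrypt or Argon2 for that).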

Final Thoughts

These stories – the collapse of a 158‑year‑old business, a ransomware attack at M&S, and the flood of 19 billion leaked passwords – should serve as a wake-up call. Weak, reused, and easily shared credentials are the most common ways cybercriminals break in. By adopting these straightforward, modern practices, both households and businesses can greatly reduce their vulnerability.

Get In Touch

If you’re a cultural organisation looking for tailored support, plain English policies, or practical training that empowers your team, we’d love to help. Get in touch for a free 30-minute consultation.
