“From Sticky Notes to Netflix Logins: Why SME Password Security Needs an Upgrade”

We all know passwords matter. But here’s the thing — in 2025, they matter more than ever.

Just this summer, researchers found 16 billion stolen login details for sale online. That’s billions of usernames and passwords sitting there for cybercriminals to exploit. If even one of those belongs to your business, the fallout could be serious: lost data, disrupted operations, reputational damage.

The reality? Most SMEs still rely on password habits that attackers find far too easy to crack.


What Strong Password Security Looks Like Today

 

  • Make them long and complex: At least 16 characters, using numbers, letters, and symbols. Avoid anything tied to personal info (birthdays, pet names, football teams).
  • Use different passwords for every account: Reusing passwords, even with small tweaks, is one of the fastest ways attackers spread from one breach to all your accounts.
  • Think passphrases, not passwords: A random string of words like “White Sun Rabbit Grass” is stronger (and easier to remember) than a short, complex word.
  • Use a password manager: They generate, store, and autofill strong passwords across all your devices. Just be sure to choose a trusted provider and enable two-factor authentication (2FA) on the vault.
  • Don’t force regular password changes: The UK’s National Cyber Security Centre (NCSC) advises only changing passwords if there’s evidence of a breach; otherwise people fall into the trap of using weaker, more predictable replacements. (NCSC guidance)
  • Enable two-factor authentication (2FA): This is one of the simplest, highest-impact upgrades you can make. Even if a password is stolen, 2FA blocks attackers from getting in.

 


Password Fails We’ve All Seen 🙈

A bit of humour — but all true:

 

  • “Password123” (yes, really…): Still one of the most common passwords in the world. Hackers don’t need clever tricks for that one.
  • The sticky note on the monitor: We’ve walked into offices where the “secure” password was literally on a Post-it stuck to the screen. Cybersecurity, defeated by stationery.
  • The pet’s name combo: Milo, Bella, Rover… hackers know your furry friends better than you think. The same goes for football teams plastered all over social media.
  • The Netflix crossover: One client once used the same password for Netflix and online banking. Spoiler: not a good idea.
  • Forced password changes gone wrong: Monthly resets often lead to “Password1”, “Password2”, “Password3”… which are, unsurprisingly, the first guesses attackers try.

 

Funny? Yes. Harmless? Absolutely not. These mistakes are exactly what cybercriminals rely on.
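For anyone who wants to see those fails caught automatically, here is an added example (not PiBlu's own tooling) of the checks a password-change form or audit script could run. The function name, the tiny deny-list and the sample passwords are all constructed for illustration.

```python
import re

MIN_LENGTH = 16  # the minimum length recommended in this article

# Constructed sample deny-list; a real deployment would load a large list of
# common and breached passwords instead.
COMMON_PASSWORDS = {"password", "password123", "qwerty", "letmein", "123456"}


def _stem(password):
    """Lower-case and drop trailing digits/symbols: 'Password2!' -> 'password'."""
    return re.sub(r"[\W\d_]+$", "", password.lower())


def check_password(new, previous=None, personal_terms=(), used_elsewhere=()):
    """Return the reasons to reject `new`; an empty list means it passes.

    Assumptions: `previous` is the old password the user typed on the change
    form, `personal_terms` are names the business knows about (pets, teams),
    and `used_elsewhere` holds passwords from a password-manager audit.
    """
    problems = []
    lowered = new.lower()
    stem = _stem(new)

    if len(new) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    # Catches "Password123" and anything that is a common word plus digits.
    if lowered in COMMON_PASSWORDS or stem in COMMON_PASSWORDS:
        problems.append("common password")
    # Pet names, football teams and similar guessable terms.
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal term: {term}")
    # "Password2" -> "Password3": same stem, only the suffix changed.
    if previous is not None and stem and stem == _stem(previous):
        problems.append("small tweak of previous password")
    # The Netflix/banking crossover: the same password on another account.
    if new in used_elsewhere:
        problems.append("reused from another account")
    return problems


if __name__ == "__main__":
    print(check_password("Password3", previous="Password2"))
    print(check_password("copper lantern drift walnut"))
```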

Where PiBlu Can Help

For SMEs, password policies are only part of the picture. The real challenge is making sure your whole IT setup supports secure, modern practices.

At PiBlu, we:

 

  • Audit your systems for hidden vulnerabilities.
  • Help implement password managers and 2FA across teams.
  • Provide clear, jargon-free training so staff understand why good password habits matter.
  • Monitor for breaches and keep you ahead of new threats.

 

It’s about building a culture of security that works in the real world — not just ticking compliance boxes.


Final Thoughts

Check If You’ve Been Breached (we can help)

– It’s worth checking if your details are already out there.

– Passwords are the first lock on your digital front door. If they’re weak, reused, or unmanaged, the risk is clear.

– Strengthen them now and pair them with 2FA, training, and proactive IT support, and you’ll dramatically cut your risk.


📞 Want a complimentary review of your IT systems and password security? Email info@piblu.co.uk or call 0161 388 8188.
