Skip to content

9 Common Ways Password Security is Breached

Kim Drinkall November 13, 2023

Businesses face numerous password security challenges, including phishing, malware, brute force attacks, and more, necessitating robust cyber security measures, employee education, and advanced defense mechanisms like multi-factor authentication to protect sensitive data.

Where there is data, there are criminals trying to access it. Passwords are a challenge for businesses, because it's an important way to maintain your security posture, and unfortunately, it depends heavily on humans. And let’s face it – humans are unreliable.

As a business looking to protect your assets, your passwords may be at risk in several ways: 


Phishers are always getting more sophisticated, and unfortunately their methods work. In fact, 90% of corporate security breaches are the result of phishing. Training employees to recognise and avoid these attacks is key. Download our Phishing Field Guide to remind employees of what to watch for with these phony communications. 

Keylogging Malware

 Certain kinds of malware save your keystrokes and leak passwords that way. How can this be avoided? A robust cyber security suite is your protector against these silent threats. Remembering not to plug in unfamiliar USBs, scan unknown QR codes, click unknown links and more keep these kinds of malware at bay. 

Brute Force

 Getting lazy with your passwords is dangerous. Using passwords such as “password1” or similar is an easy way for hackers to force their way into your system and make use of your sensitive data.  

Credential Stuffing

Post-breach, attackers feast on recycled passwords. Maintaining a portfolio of unique, complex passwords starves their efforts fast.  

Public Wi-Fi

 Public networks are a hacker's playground. Secure, encrypted connections are the safety nets for your data. Many phones have personal hotspots in the settings – make use of them. Otherwise, investing in hotspots for your employees that travel often is a great way to keep a more robust level of security around your sensitive information. 

Shoulder Surfing

 The simplest breach is often overlooked. Conscious practices and privacy screens thwart prying eyes.  

Dumpster Diving

 Discarded devices and documents can be a treasure trove for criminals. Ensure that your business uses secure disposal methods for all materials. 

Physical Device Theft

A lost device can unlock a gateway to unauthorised access. Encryption and secure lock screens are your first line of defence. 

Database Hacks

 An assault on a database presents a multitude of problems, but one of the main ones is the opportunity to farm multiple passwords which then proliferates the attack damages. Encryption and vigilance in partner choice are paramount. 

Fortifying Your Frontlines 

UK businesses must transcend basic password protocols to defend against sophisticated cyber adversaries. Here are strategic pillars to uphold: 

Cyber Security Hygiene

 Regular updates and patches are the bedrock of a resilient security posture. 

Employee Vigilance

 People can’t know how to protect themselves (and your business) if they don’t know the threats facing them. Continuous education on cyber security threats and best practices is non-negotiable. 

Advanced Defence Mechanisms

 Employ multi-factor authentication (MFA) and password managers to add layers of security. 

IT Service Continuity Management (ITSCM)

 Have an actionable plan for when breaches occur. Speed is of the essence in containing and mitigating damage. 

Regular Audits

 Test your defences. Penetration testing and security audits should be routine to ensure your shields hold firm against ever-evolving threats. 

Data Privacy Compliance

 Adherence to the UK's Data Protection Act 2018 and GDPR (General Data Protection Regulation) is crucial. Ensure your practices are up to the mark to avoid legal repercussions and fines. 

The Path Ahead 

It’s easy to become overwhelmed in the face of cyber threats. They are vast and ever evolving. The human element is often the weakest link in the equation, so that’s where to focus your efforts when thinking of your cyber security. The first step is education and awareness.  

Want to know more about password security? Join our upcoming webinar with LastPass where we will learn about the psychology behind password security and how to improve it! As always, contact us with any questions you may have surrounding this topic or any others.