World Password Day
World Password Day Highlights Ongoing Cyber Security Risks for UK Businesses
World Password Day serves as an important reminder that weak and reused passwords remain one of the most common ways cyber criminals gain access to business systems.
Despite advances in cyber security, credentials are still the primary target for attackers — particularly through a technique known as password spraying.
According to Microsoft’s Digital Defense Report 2025, 97% of identity-based attacks involve password spray attacks. Rather than repeatedly guessing passwords on a single account, attackers test a small number of commonly used passwords across many user accounts, helping them avoid detection and account lockouts. This makes weak or reused passwords a serious risk for organisations of all sizes.
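The pattern described above leaves a recognisable trace in sign-in logs: one source, many accounts, only one or two failures each. The following detection sketch is an added example, not code from Calder IT or Microsoft; the log format, the thresholds and the names `parse_line` and `detect_spray` are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log; the format and all values are illustrative.
SAMPLE_LOG = """\
2025-05-01T09:00:01Z FAIL user=alice src=203.0.113.7
2025-05-01T09:01:05Z FAIL user=bob src=203.0.113.7
2025-05-01T09:02:09Z FAIL user=carol src=203.0.113.7
2025-05-01T09:02:30Z FAIL user=bob src=192.0.2.15
2025-05-01T09:02:41Z OK user=bob src=192.0.2.15
2025-05-01T09:03:12Z FAIL user=dave src=203.0.113.7
2025-05-01T09:04:15Z FAIL user=erin src=203.0.113.7
2025-05-01T09:05:20Z FAIL user=frank src=203.0.113.7
2025-05-01T09:10:00Z FAIL user=admin src=198.51.100.9
2025-05-01T09:10:02Z FAIL user=admin src=198.51.100.9
2025-05-01T09:10:04Z FAIL user=admin src=198.51.100.9
2025-05-01T09:20:01Z FAIL user=alice src=203.0.113.7
"""

def parse_line(line):
    """Split one constructed log line into (time, result, user, source)."""
    ts, result, user, src = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, result, user.split("=", 1)[1], src.split("=", 1)[1]

def detect_spray(log, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Return {source: accounts} where failures are spread thinly over many accounts."""
    failures = defaultdict(list)
    for line in filter(str.strip, log.splitlines()):
        when, result, user, src = parse_line(line)
        if result == "FAIL":
            failures[src].append((when, user))
    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # slide the window
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            # Many accounts, few tries each: stays under per-account lockout.
            wide = len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account
            if wide and len(per_user) > len(flagged.get(src, [])):
                flagged[src] = sorted(per_user)
    return flagged
```

In the sample, the repeated failures against a single `admin` account and the one mistyped password followed by a success are not flagged; only the source that touches six accounts once or twice each is.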
Why Password Security Still Matters
Many cyber incidents begin with simple issues, such as:
- Reused passwords across multiple systems
- Common or predictable password choices
- Shared accounts
- Lack of Multi‑Factor Authentication (MFA)
Calder IT’s Three Key Password Security Recommendations
At Calder IT Ltd, we help businesses improve cyber security in practical, manageable steps. Based on current threat data and Cyber Essentials guidance, we recommend focusing on the following three areas:
1. Use a Password Manager
Password managers help eliminate password reuse by generating and securely storing strong, unique passwords for every system. Business-grade solutions such as Bitwarden, combined with device security like BitLocker, reduce human error and improve compliance.
2. Use Passphrases Instead of Passwords
Where passwords are still required, long passphrases provide better protection than short, complex passwords. They are easier for users to remember and significantly harder for attackers to crack, helping organisations improve security without impacting productivity.
3. Enforce Multi‑Factor Authentication (MFA)
MFA adds a critical second layer of protection, ensuring stolen credentials alone are not enough to access systems. It is a core requirement of Cyber Essentials and one of the most effective defences against password spray and phishing attacks.
The Next Step: Passwordless Security
Looking ahead, many organisations are moving towards passwordless authentication, using biometrics, secure devices, or app-based approval instead of passwords altogether. Passwordless security reduces phishing risk, improves user experience, and supports modern Zero Trust security models.
Cyber Essentials, Cyber Security Audits and a handy staff guide
Calder IT Ltd supports organisations with Cyber Essentials accreditation and ongoing cyber security audits, helping identify credential risks and strengthen access controls as threats evolve.
World Password Day is the perfect time to review your approach to password security. To help you, here is a Quick Guide to Password Security for Staff.
If you’d like help improving credential security, achieving Cyber Essentials, or planning a move towards passwordless authentication, contact Calder IT Ltd today.

