
It’s 2022 – Are Passwords Still Important?

With growing awareness of the complexities of the digital age, cybersecurity is at the forefront of most businesses’ concerns. Keeping your company safe from the risk of data breaches, financial theft, and unwanted intrusion is paramount. As an ever more sophisticated suite of cybercrime tactics is developed, are passwords really still ‘all that’? Surprisingly, a great password is still the cornerstone of an effective cybersecurity plan, and here is why.

The benefits of password security

Passwords still act as a simple but surprisingly effective front-line protection for data and sensitive accounts, for a few reasons:

  • They’re easy to use
  • If compromised, they are also easy to replace
  • They raise no compatibility or software issues
  • No extra hardware is needed to run them
  • They remain immensely cost-effective

This doesn’t mean, however, that all passwords are created equal. Unfortunately, poor password hygiene is still one of the leading causes of data breaches.

Robust passwords

As data-breach techniques have grown more sophisticated, so has the need for stronger, more robust passwords. Gone are the days when you could use your birthday as a blanket password across all sites and expect it to remain safe and secure.

Today’s hackers are more skilled. With ‘brute force’ software that tries common words, letter combinations, and known data to run thousands of password guesses against vulnerable accounts in minutes, and with ever more sophisticated ‘phishing’ techniques and malware aimed at harvesting passwords, it takes a strong and complex password to stand up to these guessing games.

Creating smart passwords

Smart passwords are at least 8 characters long, and longer is more secure. For more sensitive uses, 16 characters or more is seen as the gold standard. A mix of upper- and lowercase letters, numbers, and special characters adds complexity. It goes without saying that the password should not be based on data that can be easily mined from your daily life: pets’ and children’s names, birthdays, and cute phrases like ‘let me in’ are entirely off the table. Likewise, if you’re security-savvy, there’s no such thing as a universal password across all business and personal accounts, or a password for life. Passwords should be refreshed regularly, and never reused across sites.

The issue of memory

While these benchmarks create strong and effective passwords, few of us can commit strings of truly random data to memory, let alone across the many sites, accounts, and platforms we’re required to interact with daily. Almost 60% of people use the same password across multiple sites, yet 80% of security breaches are tied to compromised credentials. All of us are guilty of using simplified, easy-to-remember passwords.

And when it’s something we work with daily, like our corporate accounts, we want something simple that takes less time and allows for better productivity, especially as the number of passwords and log-ins we need is only growing. However, within any kind of corporate environment, that’s the last thing you can afford to run as your password.

Education on data security

For those higher in the corporate hierarchy, it’s also critical to realize that it’s not just your CFO or other boardroom members who have to be running robust security protocols. Any employee, regardless of their role in the business, can become an intrusion point into company data.

So the dilemma between security and convenience is a very real one. And yet awareness and education on the necessity of robust passwords is rarely present at all levels of an organization, until it’s too late and the hacker is already through the door. In fact, where many companies fail entirely in their cybersecurity efforts is at the critical point: company-wide education on safe digital practices.

A failure to enforce robust password practices throughout the organization, and to keep every employee, from the CEO to the newest hire, educated and up to date on cybersecurity best practices, introduces an inherent weakness into any corporate cybersecurity solution. Failing to train staff to recognize the ever more sophisticated phishing attempts hitting their inboxes daily, and failing to enforce basic security standards like complex, regularly updated passwords, are among the biggest weaknesses a company can face in trying to stay safe in the digital space.

Compensating for human error

So the issue of balancing accessibility and safety is a critical one for any smart corporate entity. It starts with grassroots education of all staff members on why robust security protocols are necessary.

Staff should be encouraged to create robust passwords regardless of convenience. Smaller entities may be able to get away with educating staff on ‘passphrases’, where nonsensical (but far easier to remember) ‘sentences’ are used as passwords. For example, a staff member may decide on ‘Susan likes Cookies’ as something they can easily retain. This can then be re-rendered into a complex password that still has all the key features of a strong one, like so:

5uSanL!kesCo0kies
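Added example (not from the article): a small Python checker that applies the rules from ‘Creating smart passwords’ and the passphrase technique just shown to constructed sample passwords. It measures length (8 characters, or 16 for sensitive uses), counts character classes, and, after undoing the usual letter-for-symbol substitutions, screens the result against a short constructed deny-list and a caller-supplied list of personal data (names, years). The function names, the substitution table and the sample passwords are assumptions of this example, not a standard. What it adds to the text is the check a practitioner would want: ‘5uSanL!kesCo0kies’ still reads as ‘susanlikescookies’ once the substitutions are undone, so the ban on easily mined words has to be applied to the underlying phrase, not just the final string.

```python
import re

# Letter-for-symbol substitutions commonly used to "complexify" a word, so the
# checker can see 'L!kes' and 'Co0kies' as 'likes' and 'cookies'. (Constructed table.)
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i", "|": "l",
})

# Constructed deny-list of well-known phrases; a real deployment would screen
# against a breached-password list rather than this handful of entries.
COMMON_PHRASES = ("letmein", "password", "qwerty", "welcome", "iloveyou", "admin")


def normalize(text: str) -> str:
    """Undo leet substitutions, lower-case, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.translate(LEET_MAP).lower())


def character_classes(password: str) -> int:
    """Count the classes present: lowercase, uppercase, digits, other."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, password))


def assess_password(password: str, personal_tokens=(), sensitive: bool = False) -> dict:
    """Apply the article's rules: minimum length (8, or 16 for sensitive uses),
    a mix of character classes, no common phrases, and nothing mined from the
    user's life. personal_tokens is a caller-supplied list (names, pets, years)."""
    minimum = 16 if sensitive else 8
    base = normalize(password)
    problems = []
    if len(password) < minimum:
        problems.append(f"shorter than {minimum} characters")
    if character_classes(password) < 3:
        problems.append("fewer than 3 character classes")
    for phrase in COMMON_PHRASES:
        if phrase in base:
            problems.append(f"contains common phrase '{phrase}'")
    for token in personal_tokens:
        if token.isdigit():
            # Years and dates are compared verbatim; leet-decoding digits is meaningless here.
            hit = len(token) >= 4 and token in password
        else:
            norm = normalize(token)
            hit = len(norm) >= 3 and norm in base
        if hit:
            problems.append(f"derived from personal data '{token}'")
    return {
        "length": len(password),
        "classes": character_classes(password),
        "normalized": base,
        "problems": problems,
        "acceptable": not problems,
    }


if __name__ == "__main__":
    # Constructed samples; 'Susan', 'Fluffy' and '2015' stand in for data an attacker could mine.
    samples = [
        ("5uSanL!kesCo0kies", []),
        ("5uSanL!kesCo0kies", ["Susan"]),
        ("L3tMe1n!", []),
        ("Fluffy2015!", ["Fluffy", "2015"]),
    ]
    for pw, tokens in samples:
        result = assess_password(pw, tokens)
        verdict = "OK" if result["acceptable"] else "REJECT"
        print(f"{pw:20} -> {verdict} {result['problems']}")
```

The checker only measures composition and obvious derivation; it says nothing about whether the phrase itself is guessable, which is why the article's advice to keep ‘Susan’ and ‘cookies’ unrelated to the staff member matters as much as the symbol substitutions.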

It goes without saying that ‘Susan’ and ‘cookies’ should not be easily mined data related to that particular staff member, of course! However, as you rise through the corporate hierarchy, or into enterprise-sized entities, it’s not enough to rely on staff memorization and cooperation. Here you need to look at additional security features: requiring staff to use completely random passwords and keep them in an encrypted ‘vault’ app for easy retrieval, ensuring passwords are changed throughout the organization on a regular basis, and incorporating two-step authentication into how business accounts are accessed. Two-step authentication uses the password as the primary entry point, but also sends a code to the user’s device, via an app or a text message to the mobile phone itself, as a second check when an account is accessed, which makes outside spoofing far less likely. And for businesses selling digitally, you also need to consider ways to make customer accounts safer and more robust.

It’s a tricky part of balancing convenience with security, but the era of the password is far from over. In fact, secure passwords remain one of the cornerstones of safe digital interaction. And it’s never been more important for companies to be diligent in all things password-related.


Staff Writer at CPO Magazine