Every year, security researchers analyse real‑world password data. And every year, the results show the same problems: weak passwords, reused passwords and predictable patterns.

A recent Huntress analysis confirms that even in 2026, password behaviour is one of the biggest risks for UK SMEs.

We’re still terrible at passwords

The research highlighted three common flaws:

  • Password reuse across multiple accounts

  • Simple, predictable patterns (seasons, names, years)

  • Weak passwords like “123456”, “password” and “qwerty” still widely used

Attackers love this, because it makes their job easy.

Why password reuse is so dangerous

When one site is breached, attackers try those exact password/email combinations on:

  • Office 365

  • Cloud apps

  • Remote access portals

  • VPNs

If your team reuse passwords between personal and work accounts, your business is exposed whether you know it or not.

What “good” looks like in 2026

You don’t need complex rules. You need:

  • Unique passwords for each account

  • Long passphrases, not short complex words

  • Multi‑factor authentication on all key systems

  • A password manager to make it easy

Passphrases like CoffeeOnASunnyTuesday! are better than complex strings nobody remembers.
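
As an added illustration (not code from the Huntress analysis or from this article), the check below screens a candidate password for the three flaws listed earlier and for passphrase length. The two thresholds and the `names` and `in_use` parameters are assumptions made for the example.

```python
import re

# The three weak passwords named in the article; a real deployment would
# load a much larger breached-password list.
COMMON = {"123456", "password", "qwerty"}
SEASONS = ("spring", "summer", "autumn", "winter")
YEAR = re.compile(r"(?:19|20)\d{2}")
MIN_LENGTH = 16   # assumed threshold for a "long passphrase"
MIN_RESIDUE = 8   # assumed: letters that must remain once patterns are removed


def screen_password(candidate, names=(), in_use=()):
    """Return the reasons to reject candidate; an empty list means accept.

    names  -- hypothetical input: words guessed first (staff, company, pet names)
    in_use -- hypothetical input: passwords already used on other accounts
    """
    reasons = []
    lowered = candidate.lower()

    if lowered in COMMON:
        reasons.append("common")
    if candidate in in_use:
        reasons.append("reused")
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")

    # Seasons, names and years are the predictable building blocks.
    words = [w for w in (*SEASONS, *(n.lower() for n in names if n))
             if w in lowered]
    if words or YEAR.search(lowered):
        residue = YEAR.sub("", lowered)
        for word in words:
            residue = residue.replace(word, "")
        # Digits and symbols tacked on the end add little, so count letters only.
        residue = re.sub(r"[^a-z]", "", residue)
        if len(residue) < MIN_RESIDUE:
            reasons.append("predictable pattern")

    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("123456", "Summer2026!", "AcmeLtd2025Winter!!",
               "CoffeeOnASunnyTuesday!"):
        print(pw, screen_password(pw, names=("Acme",)) or "ok")
```

The third sample is long enough to pass a length rule but is still rejected, because almost nothing is left once the company name, year and season are removed.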

A simple plan to improve your password hygiene

  1. Pick and roll out a password manager

  2. Update your password policy in plain English

  3. Run a short “how passwords really get hacked” workshop

  4. Turn on MFA wherever possible

  5. Review admin accounts and shared logins

We offer multiple options for password managers based on your budget and needs. Speak to one of our team to learn more.