The Alarming Rise of Business Password Theft: What You Need to Know

From April 2024 to April 2025, Cybernews conducted a recent cybersecurity study, which uncovered that over nineteen billion passwords had been reported as stolen. These passwords are currently being sold on the illegal market. Disturbingly, 94% of these passwords have been reused or duplicated, leaving only 6% unique. This significant rate of reuse poses serious security risks, rendering these passwords vulnerable to cybercriminals.

Password Procedures Are Important

Businesses that fail to implement proper password management practices may inadvertently allow attackers to guess or acquire user credentials, which are often traded on the illegal market. These compromised login details can lead to credential stuffing attacks, granting unauthorized access to various online accounts, and resulting in fraudulent activities. Alarmingly, more than 25% of businesses, as reported by the Cyber Security Breaches Survey 2025, lack a password policy that requires the creation of strong passwords, highlighting a critical vulnerability in their security measures.

The use of common keyboard patterns and simple guessed phrases continues to undermine password security protocols. A quite common sequence "123456" has earned a horrible reputation, used in an astonishing 338 million passwords. It is overly concerning how this simple string has found its way into the security of so many accounts! Research also found that fifty-six million passwords include the word "password," and fifty-three million use "admin." Most passwords are between eight and ten characters long, with a considerable number relying solely on lowercase letters and digits, making them highly vulnerable to brute-force attacks.

Changes Are Happening Slowly

There has been a notable shift in password security practices: in 2022, only 1 percent of passwords included a combination of uppercase letters, lowercase letters, numbers, and symbols. Today, that figure has increased to 19 percent. While this is a positive development, there is still much work to be done to further enhance password security.

To improve security, organizations should implement policies that require passwords to be at least twelve characters long, with sixteen characters being ideal. Passwords should include a combination of numbers, uppercase, lowercase letters, and special characters. Encouraging the use of unique passwords for each account is also crucial, as this limits the impact of a single compromised password. Utilizing a password manager or generator can be an effective way to create and store these unique passwords.

Regular password changes are recommended, ideally every 90 days, to minimize the risk of compromised passwords being used for extended periods. Finally, implementing Multi-Factor Authentication (MFA) adds an extra layer of security by requiring an additional verification step, such as a code from a mobile app, in addition to the password itself.

Shifting The Current Trends

Tech61, acting as a trusted representative for DUO Security, specializes in offering businesses comprehensive and user-friendly cybersecurity solutions tailored to meet the unique needs of each organization. In an era where sensitive data is increasingly vulnerable, it is crucial to establish a robust defense mechanism. DUO Security is expertly designed to proactively identify and neutralize potential threats before they can escalate into serious breaches.

By implementing advanced authentication methods and continuous monitoring, our solutions empower businesses to protect their critical information with confidence. If you are looking to fortify your cybersecurity strategy and safeguard against the rising tide of cyber threats, do not hesitate to reach out to Tech61. Let us partner with you to enhance your security posture and ensure that your business does not fall prey to cybercriminals. Contact us today to discuss how we can help you achieve a safer digital environment.