
A Brief History of Passwords
Let’s face it, at some point, we’ve all been guilty of using a basic password like “123456” or even just “password”. It’s become almost a running joke in the cybersecurity world—and not a particularly funny one. These weak passwords remain incredibly common, despite years of warnings from IT professionals. In fact, “123456” regularly tops the list of the world’s most used passwords.

https://www.statista.com/statistics/1454162/most-used-passwords-worldwide/
But why do people still use these laughably insecure combinations? Well, when computers were room-sized beasts, a password could be as simple as “open sesame”. The idea of someone hacking into your system seemed far-fetched. People weren’t thinking about cybersecurity in the way we do now, and simple passwords were enough to keep casual prying eyes away. But as computers became more powerful and the internet more interconnected, the game changed.
The same password that might have kept you secure in the early days of computing is now a hacker’s dream come true. With today’s technology, cracking a simple password like “123456” takes mere microseconds.

https://www.security.org/how-secure-is-my-password/
Enter “complex passwords.” IT professionals began recommending complex mixtures of letters, numbers, and symbols – and then there was password rotation. The logic was sound: a more complex password is harder to crack, and changing it regularly means even if one gets stolen, it won’t be useful for long.
But, there’s a snag. Requiring people to constantly change their complex passwords didn’t quite work out as planned…
The Problem with Password Reuse: Why Complex Isn’t Always Better
You see, humans are creatures of habit. When faced with the stress of remembering new passwords every couple of months, many people, including business owners and staff, started doing something sneaky—reusing passwords across multiple platforms or creating barely tweaked variations (hello, “password1234”). It might seem like a small thing, but password reuse is like using the same key for every door and lock you own.
Imagine this: you’ve got one key that opens your front door, your car, your office, and even your shed. Sure, it’s convenient. You only need to remember one key, and you can go anywhere you want without fumbling through a bunch of keys. But here’s the problem—if someone gets their hands on that one key, they now have access to everything.
That’s exactly what happens when you reuse the same password across multiple accounts. It feels convenient at first, but it creates a massive security risk. If a cybercriminal manages to crack your password on one platform, they can use it to unlock every account where you’ve reused it—whether it’s your email, banking, or business systems.
Why does this happen? Because password complexity is hard for the average user to manage. Between work logins, email accounts, and subscriptions, the sheer number of passwords we juggle can quickly become overwhelming. And for busy businesses, where time is money, no one has the mental bandwidth to recall 20 different, random strings of characters. So, what’s the solution?
Well, the industry’s figured something out: it’s not about the complexity, it’s about the length.
Password Length Trumps Complexity
Picture this: you’re at the supermarket trying to remember a 15-digit PIN for your loyalty card. Impossible, right? But what if, instead, it was just a phrase you already knew by heart? Enter the world of long passphrases.
Studies show that password length is far more critical to security than complexity. In fact, a simple, long passphrase like “Correct Horse Battery Staple” can be much harder to crack than something like “p@55W0rD!” Why? Because hackers often use brute-force attacks, where they try every combination of letters, numbers, and symbols. The longer the password, the more combinations they have to try, and the longer it takes them to succeed.

Source: https://xkcd.com/936
Now, some of you might be wondering, “But isn’t ‘Correct Horse Battery Staple’ just a string of random words?” Yes, and that’s the beauty of it. It’s memorable, easy to type, and incredibly tough for a hacker to guess. Plus, it beats having to recall a complex mess of characters like “$$7u7vGw97!” every few weeks.
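To put a number on the brute-force argument above, here is a small Python model added for this article (it is not code from the original post). It works out the alphabet an attacker would have to enumerate from the character classes actually present in a password, raises that to the length, and compares the post’s two examples. The attacker guess rate used in the demo is an assumption, not a figure from the post.

```python
import math
import string

# Character classes a brute-forcer has to include in its alphabet once the
# password is known (or assumed) to use them. `string.punctuation` is the
# 32 printable ASCII symbols; adding the space character gives 33.
CLASSES = {
    "lower": set(string.ascii_lowercase),      # 26
    "upper": set(string.ascii_uppercase),      # 26
    "digit": set(string.digits),               # 10
    "symbol": set(string.punctuation + " "),   # 33
}


def alphabet_size(password: str) -> int:
    """Size of the smallest alphabet covering every character class that
    appears in `password`; this is what a brute-force search must try at
    each position."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def brute_force_keyspace(password: str) -> int:
    """Candidates to consider when trying every combination of the alphabet
    at exactly this length."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """The keyspace expressed in bits: length times log2 of the alphabet."""
    return len(password) * math.log2(alphabet_size(password))


def expected_crack_seconds(password: str, guesses_per_second: float) -> float:
    """Expected time to hit the password: on average the attacker gets there
    halfway through the keyspace. The guess rate is supplied by the caller
    and is an assumption, not a measured figure."""
    return brute_force_keyspace(password) / 2 / guesses_per_second


def compare(short_complex: str, long_passphrase: str) -> dict:
    """Summarise both candidates under the brute-force model."""
    return {
        "complex_bits": round(entropy_bits(short_complex), 1),
        "passphrase_bits": round(entropy_bits(long_passphrase), 1),
        "passphrase_is_stronger": (brute_force_keyspace(long_passphrase)
                                   > brute_force_keyspace(short_complex)),
    }


if __name__ == "__main__":
    rate = 1e11  # assumed attacker guess rate, guesses per second
    for pw in ("p@55W0rD!", "Correct Horse Battery Staple"):
        years = expected_crack_seconds(pw, rate) / (365 * 24 * 3600)
        print(f"{pw!r}: {len(pw)} chars, alphabet {alphabet_size(pw)}, "
              f"{entropy_bits(pw):.1f} bits, ~{years:.3g} years at {rate:.0e}/s")
```

Under this model the nine-character “p@55W0rD!” draws on a 95-symbol alphabet for about 59 bits, while the 28-character phrase uses a smaller alphabet (letters and space) but lands near 180 bits purely on length. The model only scores raw search space: a string that sits in a leaked-password or dictionary list, like “password1234”, falls in the first handful of guesses whatever its computed bits, which is why the post insists on random words rather than a familiar word dressed up with symbols.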
Tools for Generating and Managing Secure Passwords
So, how do you make sure you’re creating secure passwords that protect your business without driving yourself (or your staff) mad?
Here’s where password managers come to the rescue. These handy tools generate random, strong passwords for you and store them securely, so you don’t have to remember them all. Password management tools have become essential for forward-thinking businesses looking to protect their digital assets. These platforms help securely store and manage unique, strong passwords across various accounts, making it easier for businesses to maintain security without the hassle of remembering multiple complex passwords or phrases.
But, before you go all in, let’s issue a word of caution: be wary of browser-based password managers. While they’re convenient, they may not offer the same level of encryption and security as dedicated password managers. Plus, if a hacker gains access to your browser, they might gain access to your saved passwords, too. Best stick with standalone options designed with robust encryption in mind.
Five Tips for Creating Strong, Memorable Passwords
To help you and your team create more secure passwords, here are five easy-to-remember tips:
- Use passphrases: Combine random words to create a password that’s both strong and easy to remember (e.g., “CrispyOnionDeskLamp”).
- Length over complexity: Aim for at least 12 characters. Length trumps complexity when it comes to password strength.
- Avoid personal information: Don’t include birthdays, names, or any easily guessable info.
- Leverage a password manager: Let the software do the heavy lifting by generating and storing complex passwords for you.
- Enable Multi-Factor Authentication (MFA): Even the strongest password can be breached, but combining it with MFA adds an extra layer of security.
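The passphrase, length and personal-information tips above, as an added Python example that is not from the post or from Holistic IT. It generates a CamelCase passphrase in the style of “CrispyOnionDeskLamp” using the `secrets` module, enforces the 12-character minimum, and flags any known personal facts that appear in a candidate. The word list and the sample facts are constructed for the demo; a real deployment would use a large published word list.

```python
import secrets

# Constructed word list for the demo (not from the post). Real use needs a
# large published list: every extra candidate word per position makes the
# phrase harder to guess, and this short list only shows the mechanics.
SAMPLE_WORDS = [
    "crispy", "onion", "desk", "lamp", "river", "marble", "pencil", "saddle",
    "copper", "meadow", "violin", "harbor", "pumpkin", "lantern", "falcon",
]

MIN_LENGTH = 12   # the post's "at least 12 characters" tip


def generate_passphrase(num_words: int = 4, wordlist=SAMPLE_WORDS,
                        min_length: int = MIN_LENGTH) -> str:
    """Pick `num_words` words uniformly at random with the `secrets` module
    (cryptographic randomness; `random.choice` is not suitable for passwords)
    and join them CamelCase-style, like the post's "CrispyOnionDeskLamp"."""
    if len(set(wordlist)) < 2 or num_words < 1:
        raise ValueError("need at least two distinct words and one pick")
    while True:
        phrase = "".join(secrets.choice(wordlist).capitalize()
                         for _ in range(num_words))
        if len(phrase) >= min_length:      # enforce the length tip
            return phrase


def meets_length_tip(password: str, min_length: int = MIN_LENGTH) -> bool:
    """Tip 2: at least `min_length` characters."""
    return len(password) >= min_length


def personal_info_found(password: str, facts) -> list:
    """Tip 3: return the personal facts (names, birth years, pet names, ...)
    that appear inside the password, ignoring case. An empty list passes."""
    lowered = password.lower()
    return [f for f in facts if f and f.lower() in lowered]


def check_candidate(password: str, facts=()) -> dict:
    """Combine the checks a self-service password form could run locally."""
    return {
        "long_enough": meets_length_tip(password),
        "personal_info": personal_info_found(password, facts),
    }


if __name__ == "__main__":
    # Sample facts are constructed for the demo.
    facts = ["Sam", "1990"]
    phrase = generate_passphrase()
    print(phrase, check_candidate(phrase, facts))
    print("Sam1990!", check_candidate("Sam1990!", facts))
```

The generator deliberately uses `secrets.choice` rather than `random.choice`: the standard `random` module is seeded predictably and is not meant for anything secret. The personal-information check is a plain substring match, so it only catches facts you feed it; it complements, rather than replaces, a password manager and MFA.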
No More Mandatory Password Resets?
In recent years, security experts have also started to challenge the idea of frequent password resets. Research suggests that forcing users to reset their passwords too often doesn’t necessarily increase security – it can actually encourage weaker passwords due to reuse or predictable patterns. Instead, the trend now leans towards combining long, unique passwords with MFA, rather than forcing frequent changes.
The National Cyber Security Centre (NCSC) in the UK has even weighed in on the subject, advising that regular password resets aren’t necessary unless there’s been a breach. That’s good news for businesses juggling multiple systems and logins – it means less time spent on unnecessary resets and more time focusing on running your business.
The Holistic IT Approach
At Holistic IT, we understand the frustration of juggling complex passwords, especially for SMBs where every minute counts. Our approach is simple: combine smart password management with MFA and strong but memorable passphrases. By doing this, we help you protect your business without adding unnecessary stress to your day-to-day operations.
Rather than expecting you to remember dozens of impossible-to-guess passwords, we recommend using a reliable password manager to handle the heavy lifting. And don’t forget, adding MFA to your login process adds an extra shield of protection, making it nearly impossible for attackers to break in, even if they manage to guess your password.