Cybersecurity 101: Passwords and Multi-Factor Authentication

Executive Summary 

  • With our all-new Cybersecurity 101 series, we’re sharing some of our team’s expert knowledge on IT and cybersecurity advice tailored to UK businesses. First up, we’re shining the spotlight on passwords and Multi-Factor Authentication. 
  • We’ll take a deep dive into how best to approach your organisation’s passwords, its digital gatekeepers. We’ve got plenty of expert advice on crafting the strongest passwords: think long, unique, and not to be shared.  
  • We’ll also unpack Multi-Factor Authentication (MFA), which provides an extra layer of security for your business. From SSO to password managers, we’re sharing the best ways to make MFA work for you and your team. 

Introduction 

As a small business owner, you have a lot on your plate.  

From managing operations to ensuring customer satisfaction, there’s always something that needs your attention. But one aspect that often gets overlooked is cybersecurity—more specifically, the importance of strong passwords and Multi-Factor Authentication (MFA). 

So, with the inaugural edition of our new Cybersecurity 101 series on the Get Support blog, let’s dive into why these elements are crucial for your business’s IT security. 

Why passwords (still) matter 

Let’s begin by answering a simple question: why do passwords still matter? In this age of biometric authentication and bleeding-edge cybersecurity systems, why do we still need to use them?  

Passwords are the first line of defence in securing your organisation’s sensitive data, and they remain one of the most secure authentication methods—provided they’re used the right way.  

They act as the gatekeepers to your systems, and if they fall into the wrong hands, the consequences can be disastrous. According to the National Cyber Security Centre (NCSC), attackers now use a variety of techniques to discover passwords, including social engineering, data breaches, and brute-force attacks. 

If any of these attacks manage to slip through, the attackers can steal sensitive data, disrupt your operations, or even hold your business to ransom. That’s why having a good password policy—especially one based on the NCSC’s guidance—is essential. 

Password best practices 

Now that we’re up to date on why passwords matter, let’s look at some methods for making them work best for your business.  

  • With passwords, the longer the better. It’s harder for attackers to crack a long password than a short one, even if the short one is filled with a mix of letters, numbers, and symbols. 
  • Use three random words. The NCSC recommends using three random words to create a strong password. This approach, known as #thinkrandom, makes your password hard to guess but easy to remember. 
  • Never share passwords. Sharing passwords increases the risk of them falling into the wrong hands. Keep them confidential. 
  • Don’t re-use passwords. Using the same password across multiple systems makes it easier for attackers. If they crack one system, they can access all others using the same password—and that’s bad news for your business.  
  • Don’t force users to change passwords regularly. Contrary to popular belief, changing passwords frequently can lead to weaker passwords as users may resort to predictable patterns. 
  • Always change your password at any sign of a breach. If there’s any indication (and we mean any) that a password has been compromised, change it immediately. 
  • Consider adjusting your password lock-out configuration. Implementing a lock-out policy after a certain number of failed login attempts can deter brute-force attacks. 
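
To show how the lock-out policy in the last bullet behaves, here is an added Python example (not part of the original post) that replays login attempts through a simple lock-out rule. The class name `LockoutPolicy`, the threshold, window and lock duration, and the sample events are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:
    # All three values are illustrative assumptions, not figures from the post.
    threshold: int = 3    # failed attempts inside the window that trigger a lock
    window: int = 60      # seconds over which failures are counted
    lock_for: int = 300   # seconds the account stays locked
    _failures: dict = field(default_factory=dict)
    _locked_until: dict = field(default_factory=dict)

    def attempt(self, user, password_ok, now):
        """Record one login attempt at time `now` (seconds); return the outcome."""
        if now < self._locked_until.get(user, 0):
            return "locked"                  # refused even if the password is right
        if password_ok:
            self._failures.pop(user, None)   # a success clears the failure count
            return "ok"
        # Keep only failures that are still inside the counting window.
        recent = [t for t in self._failures.get(user, []) if now - t < self.window]
        recent.append(now)
        self._failures[user] = recent
        if len(recent) >= self.threshold:
            self._locked_until[user] = now + self.lock_for
            self._failures.pop(user, None)
            return "locked"
        return "denied"

# Constructed sample events: (time in seconds, user, was the password correct?)
SAMPLE_EVENTS = [
    (0, "alice", False), (5, "alice", False), (9, "alice", True),    # two typos, then success
    (100, "bob", False), (101, "bob", False), (102, "bob", False),   # rapid guessing
    (103, "bob", True),                                              # locked: refused anyway
    (402, "bob", True),                                              # lock has expired
    (500, "carol", False), (570, "carol", False), (580, "carol", False),  # slow failures
]

def replay(events, policy=None):
    """Run events through the policy in order and return one outcome per event."""
    policy = policy or LockoutPolicy()
    return [policy.attempt(user, ok, t) for t, user, ok in events]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", outcome)
```

In practice you would configure the lock-out or throttling settings built into your identity provider rather than write your own; a threshold set too low will lock out staff who simply mistype.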

What is Multi-Factor Authentication (MFA)? 

Now let’s zoom out a bit and take a look at another essential form of cybersecurity defence: Multi-Factor Authentication, or MFA.  

MFA is a security measure which requires users to provide two or more verification factors to gain access to a resource such as a SaaS app, online account, or other cloud-based tool. By requiring at least two forms of authentication (e.g. your password plus a biometric face scan), it adds an additional layer of security—making it harder for attackers to gain access to your systems. 

To learn more about MFA in depth, take a look at our Plain English Guide to: Multi-Factor Authentication (MFA).  

Multi-Factor Authentication best practices 

As before, here are our recommendations for best practices around implementing and managing MFA within your organisation.   

  • Always enable MFA on any account where it’s available. This adds an extra layer of security, making it harder for attackers to gain access. It’s really a no-brainer.  
  • Follow password best practices. At the risk of repeating ourselves… see above. MFA works alongside your password, so abiding by best practices for passwords is essential, too.  
  • Consider SSO to minimise password use. Single Sign-On, or SSO, allows users to log in once and gain access to all systems without needing to log in again—lowering the risk of password breaches even further.  
  • Too many passwords? Use a Password Manager. Password Managers can securely store and manage your passwords, reducing the risk of your team forgetting them or writing them down insecurely. 
  • A dedicated Password Manager will always beat a browser. While browsers can save passwords, they usually don’t have the same level of security as dedicated password managers.  
  • Consider how best to provision Password Managers to your team. Providing a business-grade password manager can ensure that all passwords are securely managed and controlled. Learn more about our recommended Password Managers here.  

Keep an eye on the Get Support blog for even more quick tips from our Cybersecurity 101 series. In the meantime, if you have any questions about your security setup, get in touch with your account manager anytime or call us on 01865 594 000. 
