Businesses have a responsibility to protect their users’ passwords, but sadly, most businesses don’t take this responsibility seriously enough. Breaches most often occur due to poor passwords or password habits, and that’s a serious concern in an increasingly digitalized world. About 80% of all data breaches use compromised passwords!

If your business isn’t protecting its passwords, you could be held legally liable for putting customers’ information at risk, and the financial implications of a data breach can easily bankrupt a small business. The bottom line? It’s time to take passwords much more seriously. Is your business protecting its passwords?

Here are four signs you’re slacking in the password department, and how to address the problem.

1. Your Passwords Are Outdated

How long have your employees been using the same passwords? A year? Two? Maybe longer? Passwords that are old and outdated can be easily compromised, and every business should be paying attention to the lifespan of a password. Ideally, passwords will only be used for a few months and then changed, but that’s not always practical. In that case, you should at least change the passwords a few times each year.

Some businesses have adopted more strict policies that require users to change passwords every 30, 60, or 90 days. You don’t have to be so strict about password management, but you don’t want to be negligent, either. A company with outdated passwords can put its entire system at risk, and your customers certainly won’t be happy to learn that their information is compromised.

A good way to better track your passwords is to use a business password manager like Keeper. A business password manager will help you store, manage, and secure your business passwords and allow employees to have their own “vault.” There, they can store passwords and with the password generator tool, create better passwords.

2. You’re Using Sticky Notes

Did you know that around half of all businesses are still using sticky notes, notebooks, Word docs, or spreadsheets to store their passwords? Each of these methods presents its own share of problems. Obviously, sticky notes are small and can be lost, accidentally thrown out, or left where the wrong people can see them. With spreadsheets and document files, if one computer is hacked, the entire company’s passwords can end up in the wrong hands. 

Don’t trust the security of your passwords to a spreadsheet. Using a password manager can help you store and organize your passwords in a secure location so you don’t have to constantly search for that missing sticky note.

Let’s say your company was the victim of a breach because of a compromised password, and you were storing your passwords on a spreadsheet. Do you think a judge would look favorably on such irresponsibility? You could be held liable for a breach you might have prevented if you simply stored passwords with greater care.

Luckily, there are dozens of password managers out there, and many of them are free. Premium packages will get you more features, but you can always start with the free version so you have something other than a spreadsheet to store passwords in.

3. Your Employees Have Poor Password Habits

This is probably the most common password problem that companies face. Unfortunately, the average person doesn’t have good password habits to begin with. Many people use personal information, company information, and other self-identifying phrases or numbers in their passwords. Additionally, a large percentage of users actually reuse the same password across multiple accounts. In some cases, people use the exact same password for everything.

You can imagine the myriad of problems such practices create for a business of any size. A password can be your best or worst security feature, depending on the users’ concepts of “good” and “bad” passwords.

It’s universally agreed that passwords should never contain personal or company information. That means addresses, employee ID numbers, birthdays, etc. You shouldn’t even include your name in a password. It should be a random assortment of letters, numbers, and symbols. 

4. You’ve Already Had A Breach

The most telling sign of poor password management and habits is a breach. If your company has already suffered a breach, it’s time to seriously upgrade your passwords and start taking extreme measures to protect them. That means not only instilling better password practices within your team, but also using a password manager tool to properly store and secure passwords and other private data.

The average data breach can cost about $8 million dollars, and that’s a conservative number. Cybercrime is a trillion-dollar global industry, and you don’t want your small business to become a statistic. 


If any of these four signs of poor password management sound familiar, it’s time to up your game before your business experiences a serious financial disaster. A well-planned cyberattack can easily cripple a small business with stolen information, and the legal backlash and costs that follow. The bottom line? Don’t neglect your passwords, or you’ll regret it. Reinforce good password habits and give your employees the tools they need to work with to create and manage better passwords.