Passwords are still a problem for UK businesses - what next?

Despite years of public awareness campaigns, repeated high-profile breaches and ongoing regulatory scrutiny, the use of weak, guessable passwords such as “admin” and “123456” persists in the UK. This problem is emblematic of a deeper, systemic issue in the country’s cybersecurity posture.

However, this is not a failure of awareness or education, but a failure of credential management, cultural reinforcement and policy enforcement at an organizational level.

In early December, the National Cyber Security Centre (NCSC) published updated guidance on credential management. Specifically, the guidance “advocates a greater reliance on technical defenses and organizational processes, with passwords forming just one part of your wider access control and identity management approach.”