The Evolution of Password Management: Top 15 Best Practices for SMBs

Learn the importance of password management for SMBs, discover 15 best practices, and find out how Uprise Partners can help secure your digital assets.

In today's digital landscape, password management remains a crucial aspect of maintaining strong security for businesses. As technology evolves, old password advice is no longer sufficient to protect sensitive data. Small to medium businesses, in particular, need to adopt robust ITSM and "IT in a box" solutions, like those offered by Uprise Partners, to maintain their digital security.

With the recent events around LastPass’s security breaches, we’ve gotten a lot of questions about how to keep passwords secure. In this blog, we will explore alarming statistics on password management, common techniques for cracking passwords, and the top 15 principles of password management. For a deeper understanding, you can read BeyondTrust's comprehensive article on best practices and statistics.

Alarming Statistics on Password Management

The importance of strong password management cannot be overstated, as poor password practices can lead to severe consequences for businesses. Let's take a closer look at some alarming statistics that highlight the need for improved password management:

  • 81% of data breaches are caused by weak or stolen passwords, emphasizing the critical role of password security in protecting sensitive information (Source: Verizon Data Breach Investigations Report).
  • 45% of users did not change their passwords after a breach occurred, potentially leaving their accounts vulnerable to further attacks (Source: LastPass study).
  • Only 58% of employees report that their organization has implemented Multi-Factor Authentication (MFA), leaving a large percentage of businesses with weaker security measures (Source: SecureAuth survey).
  • A staggering 84% of users admit to reusing passwords across multiple sites, increasing the risk of multiple account breaches if one password is compromised (Source: Bitwarden survey).
  • Over 20% of users reported using the same password for their personal bank accounts as they did for work-related accounts, potentially exposing both personal and professional data to cyber threats (Source: BeyondIdentity Survey).
  • Only 34% of users globally use a password manager, and only 25% of global users (32% of Americans) are required to use a password manager at work, suggesting that there is still significant room for improvement in adopting this helpful security tool (Source: Bitwarden survey).
  • 63% of users are likely to leave an online service for a competitor that makes it significantly easier to authenticate identity, highlighting the importance of user-friendly security measures (Source: Ping Identity survey).
  • 46% of users would prefer to use a service or site that offers an alternative to passwords, indicating a growing demand for more advanced and secure authentication methods (Source: Ping Identity survey).
  • 41.7% of employees admitted to having shared workplace passwords, 37.4% of those employees have shared their work passwords with a family member and 21% with a close friend. Alarmingly, in the same survey, 42.5% of employees felt that sharing work passwords should be a fireable offense (Source: BeyondIdentity survey).

These statistics paint a concerning picture of the state of password management and security. It is evident that there is a pressing need for better password policies, employee education, and the adoption of advanced security measures.

Adopting better password management practices and working with a trusted partner like Uprise Partners to identify areas of digital security weakness can help businesses protect their sensitive data and reduce the risk of data breaches. By understanding the alarming statistics on password management, organizations can take the necessary steps to improve their security posture and safeguard their digital assets.

The Top 15 Principles of Password Management

To maintain a strong security posture, businesses should follow these best practices for password management:

  1. Create a Strong, Long Passphrase: Use a combination of upper and lowercase letters, numbers, and symbols to form a passphrase that is difficult to guess but easy to remember.
  2. Apply Password Encryption: Protect passwords with end-to-end, non-reversible encryption to secure them in transit and at rest.
  3. Implement Two-Factor Authentication: Use an additional verification method, like a one-time code or a personalized USB token, along with traditional credentials to enhance security.
  4. Add Advanced Authentication Methods: Utilize non-password-based methods like biometric verification (e.g., facial recognition, fingerprints) for added security.
  5. Test Your Password: Use online testing tools to ensure your password is strong and resistant to hacking attempts.
  6. Don't Use Dictionary Words: Avoid common dictionary words to prevent dictionary attack programs from cracking your password.
  7. Use Different Passwords for Every Account: Unique passwords for each account reduce the risk of multiple accounts being compromised if one password is breached.
  8. Secure Your Mobile Phone: Protect your mobile devices with strong passwords, fingerprints, or facial recognition to safeguard sensitive data.
  9. Avoid Periodic Changes of Personal Passwords: NIST advises against mandatory password changes for personal accounts, as it can lead to weaker passwords and insecure practices.
  10. Change Passwords When an Employee Leaves Your Business: Prevent unauthorized access and potential data breaches by updating passwords after an employee's departure.
  11. Protect Accounts of Privileged Users: Secure privileged user accounts with specialized protection, such as privileged access management software and regular password changes.
  12. Keep Your Business Offline: Store sensitive company information offline and limit public access to minimize the risk of data theft.
  13. Avoid Storing Passwords: Refrain from storing passwords in unsecured digital or physical formats to reduce the risk of them being stolen by malicious actors.  Always secure this data, either behind a robust password in a digital format or behind a physical security measure, such as locked containers in secure employee-only areas for physical records of passwords.
  14. Be Vigilant About Safety: Use up-to-date anti-malware and vulnerability management solutions to protect your systems from intruders and minimize the risk of password theft.
  15. Use Password Managers: Employ password managers to securely store and generate strong, unique passwords for all your accounts, making it easier to manage and protect your login credentials.

By following these top 15 principles of password management, organizations can significantly enhance their digital security and reduce the risk of unauthorized access. Uprise Partners offers robust ITSM and "IT-in-a-box" solutions that can assist small to medium businesses in maintaining their digital security and implementing these best practices effectively.

Common Techniques for Cracking Passwords

Being aware of these techniques helps businesses implement stronger security measures and train employees to avoid potential risks.  They may also provide the context you need to understand why these tips are so important! Cybercriminals employ various techniques to crack passwords, including:

  • Dictionary attacks
  • Guessing simple passwords
  • Reusing passwords across multiple sites
  • Cracking security questions
  • Social engineering

Uprise Partners: Your Partner for IT Security

At Uprise Partners, we understand the unique challenges small and medium-sized businesses face when it comes to cybersecurity and IT management. We believe in being an extension of your team, dedicated to your success. Our philosophy is to understand each business's specific needs and craft solutions that work best for you.

Our services provide first-class value, secure and reliable IT solutions, and a trustworthy partnership. We're responsive and transparent in our actions, ensuring you have the support you need when you need it. With our IT in-a-Box offering, we cater specifically to businesses with ten people or less, ensuring that even smaller companies have access to top-notch IT support and security.

Let us take IT off your plate so you can focus on what matters most: running your business and taking care of your customers. By partnering with us, you can be confident that your IT systems and data are in safe hands, allowing you to concentrate on innovation, growth, and efficiency. Choose Uprise Partners as your partner for IT security and support – we're here to help you succeed.


In an era where data breaches are increasingly common, it's essential for businesses to prioritize password management and security. By following the principles of password management and partnering with a trusted IT security provider like Uprise Partners, you can create an effective password security policy for your SMB and provide stronger protection against unauthorized access. Stay ahead of cyber threats and safeguard your business by implementing these best practices today!

Malinda Gagnon

Malinda is CEO at Uprise and has more than 20 years of experience in business strategy and technology at companies including Google and WPP, and has advised clients such as Procter & Gamble, General Electric, VW, BlackRock, and Walmart.

Latest Posts


Listen to Brian Gagnon, CTO of Uprise Partners, about getting started with AI in your business.


Learn about IT infrastructure upgrade timelines for SMBs & Uprise's expert support for seamless upgrades for competitiveness, security, and efficiency.

Uprise monthly newsletter —
Get our latest news and updates!


Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Heading 1

Heading 2

Heading 3

Heading 4

Heading 5
Heading 6

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

Block quote

Ordered list

  1. Item 1
  2. Item 2
  3. Item 3

Unordered list

  • Item A
  • Item B
  • Item C

Text link

Bold text




Uprise monthly newsletter —
Get our latest news and updates!