KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, celebrates upcoming Change Your Password Day by encouraging organisations to adopt secure, more effective password strategies to combat evolving cyber threats.
After experiencing the distressing consequences of being hacked on two separate occasions, former technology journalist Matt Buchanan established Change Your Password Day in 2012. Observed annually on February 1st, the day aims to raise awareness about cybersecurity and underscores the importance of keeping passwords strong and up to date. While its original purpose—encouraging regular password updates—may seem a little outdated to many security professionals, the day continues to hold value in emphasising the significance of personal and collective responsibility in cybersecurity.
Despite advances in multi-factor authentication (MFA) and biometrics, passwords remain a primary defence for digital security. Unfortunately, many users still rely on weak, reused passwords, creating significant vulnerabilities. A single breached password can allow attackers to infiltrate networks, steal sensitive data, compromise accounts and launch phishing campaigns, potentially leading to severe financial and reputational damage for organisations.
In the 13 years since the day’s inception, cyber threats have evolved significantly, as have the measures used to combat them. As a result, experts now emphasise the importance of adopting advanced practices that go beyond simply changing passwords, offering a more effective, robust, and user-friendly approach to safeguarding sensitive information.
Acknowledging that effective security requires more than an annual password change, Kraemer outlines five essential practices for organisations to establish strong security hygiene in 2025:
-
Monitor new passwords automatically: Use available tools to validate new passwords against known breaches and dark web datasets, and alert users to change their passwords if a match is detected.
-
Encourage the use of pass-phrases or randomly generated passwords: Promote pass-phrases or randomly generated passwords for greater strength and resilience against attacks.
-
Require the use of a password manager: Mandate password managers to securely create, store, and manage unique credentials, removing the burden away from the employee to remember long character combinations.
-
Recommend implementing Multi-Factor Authentication (MFA): Strengthen security by requiring an additional verification step, like a code, biometric, or token.
-
Reduce the importance of password complexity in favour of length: Where a password manager cannot be used, encourage employees to focus on longer passwords or pass-phrases rather than relying heavily on complex character requirements.
“While Change Your Password Day is a great reminder to all employees of their individual responsibility when it comes to cybersecurity, in today’s climate, it might be better named ‘Use Strong Authentication Day.’” said Kraemer. “Changing your password regularly once served as a timely reminder that cybersecurity mattered, even if the act itself did not always result in greater security. Now, the actions required of employees may be different, but the message remains the same—everyone has a part to play in safeguarding their organisation against threats.”
For more insights and best security practices, visit https://www.knowbe4.com/.
This comes after news that KnowBe4 have launched their threat labs and analysis initiative to mitigate human-targeted cybersecurity attacks.
