KnowBe4 Urges Organizations to Adopt Secure Password Practices on Change Your Password Day 2025


Going beyond an annual password change, Martin Kraemer, security awareness advocate at KnowBe4, shares five practices all organizations should adopt to improve their security hygiene.

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, celebrates the upcoming Change Your Password Day by encouraging organizations to adopt more secure and effective password strategies to combat evolving cyber threats.


After experiencing the distressing consequences of being hacked on two separate occasions, former technology journalist Matt Buchanan established Change Your Password Day in 2012. Observed annually on February 1st, the day aims to raise awareness about cybersecurity and underscores the importance of keeping passwords strong and up to date. While its original purpose—encouraging regular password updates—may seem a little outdated to many security professionals, the day continues to hold value in emphasizing the significance of personal and collective responsibility in cybersecurity.

Despite advances in multi-factor authentication (MFA) and biometrics, passwords remain a primary defense for digital security. Unfortunately, many users still rely on weak, reused passwords, creating significant vulnerabilities. A single breached password can allow attackers to infiltrate networks, steal sensitive data, compromise accounts and launch phishing campaigns, potentially leading to severe financial and reputational damage for organizations. 

In the 13 years since the day's inception, cyber threats have evolved significantly, as have the measures used to combat them. As a result, experts now emphasize the importance of adopting advanced practices that go beyond simply changing passwords, offering a more effective, robust, and user-friendly approach to safeguarding sensitive information.

Acknowledging that effective security requires more than an annual password change, Kraemer outlines five essential practices for organizations to establish strong security hygiene in 2025: 

  1. Monitor new passwords automatically: Use available tools to validate new passwords against known breaches and dark web datasets, and alert users to change their passwords if a match is detected.
  2. Encourage the use of pass-phrases or randomly generated passwords: Promote pass-phrases or randomly generated passwords for greater strength and resilience against attacks.
  3. Require the use of a password manager: Mandate password managers to securely create, store, and manage unique credentials, removing from employees the burden of remembering long character combinations.
  4. Recommend implementing Multi-Factor Authentication (MFA): Strengthen security by requiring an additional verification step, like a code, biometric, or token.
  5. Reduce the importance of password complexity in favor of length: Where a password manager cannot be used, encourage employees to focus on longer passwords or pass-phrases rather than relying heavily on complex character requirements.
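Practices 1, 2 and 5 above translate directly into an onboarding check for new passwords. The following is an added example, not KnowBe4's or the author's code: it screens a candidate against a breach corpus the way a k-anonymity range lookup does (only a hash prefix leaves the client), gates on length rather than character classes, and offers a random pass-phrase as the alternative. The breach list and word list are constructed stand-ins, not real datasets.

```python
import hashlib
import secrets

# Constructed sample of breached passwords (assumption: stands in for a real
# breach corpus such as a Pwned-Passwords style dataset). Indexed by the first
# five hex characters of the SHA-1 so a lookup never needs the full hash.
BREACHED_PASSWORDS = ["password", "Winter2025!", "letmein", "P@ssw0rd"]
BREACH_INDEX = {}
for _pw in BREACHED_PASSWORDS:
    _digest = hashlib.sha1(_pw.encode()).hexdigest().upper()
    BREACH_INDEX.setdefault(_digest[:5], set()).add(_digest[5:])

# Constructed mini word list (assumption: a real deployment would use a
# several-thousand-word diceware list so each word adds ~12 bits of entropy).
WORDS = ["granite", "lantern", "velvet", "harbor", "cobalt", "meadow", "saffron", "tundra"]


def lookup_range(prefix):
    """Simulate a k-anonymity range query: the caller submits only a 5-hex-char
    prefix and receives every breached-hash suffix in that bucket."""
    return BREACH_INDEX.get(prefix, set())


def is_breached(password):
    """True if the password's SHA-1 appears in the breach corpus; the full
    hash is compared locally, so the lookup service never sees it."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in lookup_range(digest[:5])


def check_new_password(password, min_length=16):
    """Return (accepted, reason). Breach status is checked first, then length;
    no character-class rules, in line with favouring length over complexity."""
    if is_breached(password):
        return False, "appears in a known breach dataset; choose a different one"
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters; use a longer pass-phrase"
    return True, "accepted"


def generate_passphrase(words=4, wordlist=WORDS):
    """Random pass-phrase from the word list using a CSPRNG (secrets), not random."""
    return "-".join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    for candidate in ["Winter2025!", "Tr0ub4dor&3", "correct horse battery staple"]:
        print(candidate, "->", check_new_password(candidate))
    print("suggested pass-phrase:", generate_passphrase())
```

Note that a complex-looking but short password such as "Tr0ub4dor&3" is rejected on length alone, while a plain four-word phrase passes.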

“While Change Your Password Day is a great reminder to all employees of their individual responsibility when it comes to cybersecurity, in today’s climate, it might be better named ‘Use Strong Authentication Day,’” said Kraemer. “Changing your password regularly once served as a timely reminder that cybersecurity mattered, even if the act itself did not always result in greater security. Now, the actions required of employees may be different, but the message remains the same—everyone has a part to play in safeguarding their organization against threats.”

For more insights and best security practices, visit https://www.knowbe4.com/.

About KnowBe4

KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, creating an adaptive defence layer that fortifies user behaviour against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilises personalised and relevant cybersecurity protection content, tools and techniques to mobilise workforces to transform from the largest attack surface to an organization’s biggest asset.
