Proudly supported by

Australian Government logo


Resources Hub / Small business cyber basics / Simple ways to upgrade your password strength

Simple ways to upgrade your password strength



The Australian Cyber Security Centre and Cyber Wardens have teamed up to support small business owners strengthen their passwords to keep cyber criminals out.

Passwords and passphrases (a.k.a. a string of words like PurpleCyberResearchSafe) are the first line of defence in keeping your business safe. If cyber criminals crack your password, they’ve got the keys to your business. They can steal your hard-earned cash, redirect invoices to their own bank account, access your confidential information or commit fraud by pretending to be you.

With so much at stake, it would be easy to assume that everyone knows and practices good password hygiene. But new research shows Australian small businesses have a long way to go to ensure their passwords are as safe as they could be.

A survey of more than 2000 small business owners and their employees shows that one in two has basic password vulnerabilities:

  • Only 54% of businesses are consistently not sharing passwords
  • Consistent use of Multi-Factor Authentication (MFA) where a second step of verification is required to access accounts only happens 53% of the time
  •  One in 5 never use a password manager or are unsure.

Password processes matter

The research shows that how your team manages passwords is very important. We need good processes to make sure everyone is cyber-safe, but in-person workers and casual workers need extra support to follow best practise.  Here’s why.

In-person workers and password management

The temptation to share passwords on post-its, or just shout them to the cubicle next door is one in-person workers may struggle with. The survey also found that in-person working can create increased cyber risk around password security.

What to do about it:

Casual workers and password management

The research shows we might be tempted to skip steps and share logins amongst casual team members because they are only using multi-factor logins 42% of the time compared to 56% of the time for full-time employees.
Setting up new passwords and logins for every casual staff member can seem time-consuming and frustrating, but we promise it’s more time-consuming to be hacked.

What to do about it:

Improving your small business password skills

So, how can you upgrade your password skills?
1. Sharing is not caring

Don’t share passwords between programs and don’t share them between team members either.

2. Upgrade from a password to a passphrase

Update your passwords to a random combination of words called a passphrase, it’s easier to remember and tougher to crack for cyber criminals. For example, “crystal onion clay pretzel”.

3. Add a virtual deadbolt to your doors

Multi-Factor Authentication (MFA) gives you that extra layer of security like adding a deadbolt to your doors.

MFA works by adding additional safety steps to confirm it’s really you trying to get into your account. There are a few ways it can do this, but the most common is sending a one-off code to your phone or through a special app.

This extra layer helps prevent cyber criminals from accessing your business information if your password is compromised.

PRO TIP: Don’t forget, it’s important to roll out MFA for all of your team members and accounts.

4. Use a password manager

Passwords can be difficult to remember, right? Getting your team members to use a password manager takes the difficulty out of remembering multiple complex passwords and keeps them secure. Even better? Password managers can generate those hard-to-crack passwords for you.

For more information about passphrases and password managers visit
*Research conducted by 89 Degrees East on behalf of COSBOA, with 2000+ Australian small business owners and employees in November and December 2022.  

With Cyber Wardens, you can keep your digital floors clean and free of cyber criminals fishing.

Learn easy and simple cyber security tips for your small business

More helpful resources for you and your business

It happened to me!

Have you got a Cyber attack story to share? Your story can help other small businesses protect themselves.

It happened to me!

Have you got a Cyber attack story to share? Your story can help other small businesses protect themselves.