Still Using Weak Passwords? Do This Instead.

According to IBM’s Cost of a Data Breach Report 2025, attackers are logging in rather than hacking in. Passwords are the first line of defense between a criminal and sensitive information, and weak or reused passwords remain the most common way criminals gain unauthorized access to accounts.

Unfortunately, many individuals still choose passwords that include personal details or are reused across multiple platforms. This practice leaves employees and organizations vulnerable to data breaches, identity theft, and even system hijacking. For public entities that maintain hundreds of thousands of records containing personally identifiable information, the risks are exceptionally high. Creating strong, unique passwords is one of the most effective ways to defend against cyberattacks. While threat actors use sophisticated tools to ‘crack’ passwords, choosing complex, secure passwords and protecting them appropriately can significantly reduce the risk of identity theft, financial fraud, and unauthorized access to your entity’s data.

By following best practices for creating secure passwords and utilizing a password manager, public entities can more effectively safeguard sensitive records and mitigate cybersecurity risks.

Creating strong passwords and securing them with a password manager

Make Passwords Long: Consider using the longest password permissible whenever possible (at least 16 characters)
Create Random Passwords: Consider choosing passwords that combine letters, numbers, and symbols to reduce the risk of hacking. Consider trying different variations of a passphrase, but avoid common phrases, famous quotations, and song lyrics. For example: T9v#R2q!L8m@X4pZ
Make Passwords Unique: Consider using phonetic replacements, such as “ph” instead of “F.” Use an exclamation point (!) to replace the letters (I) or (L), or make deliberate misspellings, such as “enjin” instead of “engine.”
Use a Password Manager: Strong passwords can be challenging to remember. Consider using a password manager to securely store strong passwords, rather than saving them on your computer.

CIRMA’s Cyber Webinar Series helps members enhance their overall cybersecurity awareness by covering a wide range of topics, including creating strong passwords, enabling multifactor authentication, recognizing phishing attempts, and safeguarding sensitive data. In addition, national organizations such as CISA and the National Cybersecurity Alliance support Cybersecurity Awareness Month with initiatives that include educational PDFs, training videos, and other resources. These materials offer practical guidance on best practices to mitigate risk and foster a stronger cybersecurity culture.

Conclusion

Training and education remain the most effective defense against cybercrimes, and knowing how to protect yourself and your organization is easier than ever. Learn at your own pace and when and where you choose with CIRMA’s e-learning resources, 24 hours a day, seven days a week.

CIRMA Risk Management offers a Cyber Webinar Series through its exclusive CIRMA member Vector Solutions platform. This robust training and education tool features cybersecurity-related online training courses and webinars proven to educate employees and reduce costly and disruptive cybercrimes, including phishing attacks. Has your municipality or school board taken advantage of the many benefits available through CIRMA’s exclusive online training and education platform? Contact your local CIRMA Risk Management representative to get started today.

Resources

Secure Our World: https://www.cisa.gov/secure-our-world

Use Strong Passwords: https://www.cisa.gov/secure-our-world/use-strong-passwords

Create Strong Passwords: https://www.staysafeonline.org/events/create-strong-passwords-(and-actually-remember-them)

National Cybersecurity Alliance: Cybersecurity Awareness Month: https://www.staysafeonline.org/cybersecurity-awareness-month

Check out CIRMA’s Cyber Center to learn how CIRMA can help your organization prevent and manage cyber exposures.

Cyber Resources Created for CIRMA Members: