How Easy Is It to Break Passwords?

Technology Update

How Easy Is It to Break Passwords?

Harvey Norman Technology for Business

Cybersecurity threats continue to rise. One of the most common entry points for hackers are weak or stolen passwords, according to the Australian Cyber Security Centre (ACSC) Cyber Threat Report 2024-25. Whether you are running a clinic, managing a practice, or operating a business, short and simple passwords provide minimal protection against modern attack methods.

How Quickly Can a Password Be Cracked?

Cybercriminals often use brute force and dictionary attacks to guess passwords. A brute force attack systematically tries every possible combination of letters, numbers, and symbols until it finds the correct one. Advances in computing power have made these attacks incredibly fast.

Here’s how quickly modern hacking tools can break passwords, based on the latest Hive Systems 2025 Password Table:

If you are using passwords that are less than 12 characters long, your sensitive data could be at serious risk.

Why Should You Use Longer Passphrases?

A passphrase is a longer, more complex password that consists of multiple words strung together, making it both stronger and easier to remember. For example, instead of using “Passw0rd!” which can be cracked in seconds – try combining unrelated words with a symbol, e.g., “BluePiano$TigerMountain”.

Here are some benefits of using passphrases:

Increased Security: 16+ characters make brute force attacks nearly impossible.
Easy to Remember: A sentence-like phrase is simpler to recall than a random mix of characters.
Lower Risk of Reuse: Employees tend to reuse short passwords across multiple accounts, which makes them vulnerable if one account is compromised.

Benefits of Using a Password Manager

Managing multiple passwords is one of the biggest challenges for businesses. Employees often struggle to remember complex credentials, leading to bad habits like writing them down or reusing the same password across different accounts. A password manager solves this problem by storing complex passwords in an encrypted vault.

How a Password Manager Helps:

Creates Strong Passwords: Automatically generates long, complex passwords that are difficult to crack.
Stores Passwords Securely: No more writing them down or saving them in insecure spreadsheets.
Auto-Fills Credentials: Saves time by entering login details securely for employees.
Prevents Phishing Attacks: Since the password manager only auto-fills credentials on legitimate websites, it helps employees avoid fake login pages designed to steal information.
Reduces IT Support Costs: Employees forget passwords less often, reducing the need for frequent password resets.

While password managers significantly improve security, they are not perfect. Like any risk mitigation strategy, businesses must weigh the risks against the benefits. Strong passwords are essential, but they are only one piece of a broader cybersecurity strategy, and this is where partnering with a technology solutions and security provider (TSSP) becomes valuable.

Multi-Factor Authentication (MFA)

Relying on a password alone, even a strong one, is no longer considered enough to protect sensitive data. Hackers have powerful tools that can guess passwords quickly, and stolen passwords are common in data breaches. That’s why a long, unique passphrase is a great first step, but it shouldn’t be your only defence. Adding multi-factor authentication (MFA) makes your accounts much harder to break.

MFA means you need two things to login:

Something you know (your passphrase)
Something you have (like a code from an app or a security key)

When you log in to your email, you enter your passphrase and then confirm your identity by entering a six-digit code from an authenticator app on your phone.

This extra layer means even if someone steals your passphrase, they still can’t get in easily, significantly reducing your risk. By combining a strong passphrase with MFA, businesses can protect against common attacks like phishing and password guessing. It’s one of the simplest and most effective ways to keep your business safe.

Passkeys and Password-less Security

While strong passphrases combined with Multi-Factor Authentication (MFA) significantly improve security, they still rely on passwords. Passwords can be stolen through phishing, reused across accounts, or exposed in data breaches. Even with MFA, attackers can sometimes bypass protections using techniques like SIM swapping or MFA fatigue attacks.

Passkeys eliminate these risks by removing passwords entirely. They use cryptographic keys stored securely on your device and verified through biometrics or a PIN and are supported by major technology platforms such as Apple, Google, and Microsoft. This means:

No Passwords to Steal: Phishing attacks become ineffective because there’s nothing to enter on a fake site.
Stronger Authentication: Passkeys use public-key cryptography, making them resistant to brute force and credential stuffing.
Simple User Experience: Logging in is as easy as using Face ID, Touch ID, or a device PIN.
Cross Platform Support: Major platforms like Apple, Google, and Microsoft already support passkeys, making adoption easier.

How Businesses Can Start Implementing Passkeys

Passkeys work by replacing traditional passwords with a secure key pair, a public key stored on the service and a private key stored on the user’s device. Authentication typically involves biometrics (such as fingerprint or facial recognition) or a device PIN.

Implementation generally involves several components:

Platform Compatibility: Many cloud services, including Microsoft 365 and Google Workspace, have integrated passkey support.
Authentication Configuration: Identity providers and password managers often include options for enabling passkey-based login.
Employee Awareness: Understanding how passkeys function and their role in authentication is important for smooth adoption.
High-Risk Account Coverage: Passkeys can be applied to accounts that handle sensitive data, such as administrative, email, and financial systems.
Password Manager Integration: Modern password managers increasingly support storing and managing passkeys alongside traditional credentials.

Passkeys are designed to reduce risks associated with password reuse, phishing, and credential theft, while providing a streamlined user experience across devices.

Passkeys vs MFA + Passwords

Where the Essential Eight Fits In

To help support Australian businesses manage cyber security risks, the Australian Cyber Security Centre (ACSC) developed the Essential Eight. A practical framework of eight key strategies designed to prevent attacks, limit their impact, and ensure data availability. These controls are widely recognised by regulators and courts as a benchmark for compliance.

Here’s a quick overview of the eight strategies and why they matter.

Working with a Technology Services and Security Provider (TSSP)

Cyber security can feel overwhelming especially for busy practice owners, clinic managers, and small business owners, including sole traders, who are focused on delivering services, not managing IT systems.

A technology services and solutions provider offers the expertise needed to assist business owners manage their cyber security needs effectively.

By partnering with a technology services and security provider (TSSP), businesses can leverage advanced security measures without the need for an in-house team. This ensures that the business’s digital assets are well-protected and compliant, allowing the business to focus on what’s important.

A TSSP provides expert guidance, tools, and ongoing support to help businesses implement and maintain robust cybersecurity measures, including the Essential Eight strategies recommended by the Australian Cyber Security Centre.

How We Can Help

Harvey Norman Technology for Business specialises in complete IT solutions that enhance cyber security, protect critical data, and maximise the efficiency of your IT systems, specifically designed for all businesses, including sole traders.

We understand the challenges of staying ahead of evolving cyber threats, compliance regulations, and maintaining optimal IT performance. Our goal is to assist businesses, to safeguard sensitive business data, minimise risk, enhance system efficiency, and stay protected.

With years of industry experience, a dedicated team, and valuable industry insights, we deliver advanced solutions that protect IT systems, keep businesses secure and compliant, and reduce exposure to risk, all while ensuring compliance with Australian laws and regulations.

Here’s how we support you:

Advanced cyber security solutions to protect against emerging threats
Insights on Australian laws and regulations
Proven strategies to secure sensitive financial and customer information
Best practices for security, compliance, and risk management
Proactive management of your IT system environment, reducing risk and ensuring optimal performance
Help desk support for all IT-related issues
24/7 monitoring by an expert security team

We believe all businesses, no matter the size, deserve reliable and affordable cyber security and IT solutions. We are committed to delivering secure, reliable, and easy-to-implement solutions that safeguard businesses and help them thrive.

Conclusion

Cyber threats aren’t just a concern for large businesses. Whether you have 1 employee or 300, hackers know smaller businesses often have weaker security measures, making them prime targets. According to the ASD Cyber Threat Report 2024-25, cybercrime reports have increased 23 per cent, and the average cost of an incident for small businesses is now over $56,000. That’s a cost most businesses cannot afford.

Protect your business with Harvey Norman Technology for Business. We make enterprise-grade cyber security simple, affordable, and designed for small to medium-sized businesses and sole traders.

Visit the ACA page on the Harvey Norman Technology for Business for more information.