Cyber Security Training & Software for Companies | MetaCompliance
Managing Passwords and Mitigating Password Risk

Passwords have been a mainstay of security since human language evolved. This shared secret can be used to open both physical and digital doors. But like any secret, if it is revealed to the wrong person, it can be used for nefarious deeds.

Passwords offer cybercriminals a way to get past the gatekeeper. That gate is wide open if a password is insecure, shared, or phished. Managing passwords helps to mitigate risk in an organisation.

Here is a look at some of the risks of using passwords and tips on managing passwords.

The Problem with Passwords

Passwords persist because users understand them, web and app developers understand them, and they offer basic security. They will persist for these reasons even with passwordless initiatives such as FIDO.

A secure password is the most fundamental login credential, but passwords are far from a robust security measure. Because of the doors a password can open, this credential has become a focus of cyber attacks. The 2022 Data Breach Investigations Report (DBIR) identified credential theft as one of the top four methods used to breach data.

The 2022 Annual Identity Exposure Report identified some staggering statistics concerning passwords:

● 1.7 billion credentials (combinations of email address and password or username and password) were exploited by hackers in 2021

● 70% of users were still using compromised passwords a year later

● The number one reused password in cleartext (i.e., unencrypted) was ‘password’

● 60% of users reuse passwords. A Google survey found that 52% reuse passwords across multiple accounts.

● Only 20% of users have a password manager

The costs of password exposure, theft, and unauthorised access stack up. The 2022 Ponemon Institute Cost of Insider Threats report discovered that:

● The cost of credential theft increased 65% from $2.79 million in 2020 to $4.6 million in 2021/2022

● Containing an insider threat takes around 85 days

● Incidents that took more than 90 days to contain cost, on average, $17.19 million

How Passwords End Up in The Hands of Cybercriminals

Some of the most typical ways that passwords are stolen or compromised include:

Malware Infection

Malware designed to steal data sends any password, username, and email combination a user enters to the cybercriminals controlling the malware.

A SpyCloud report found that in 2021, “RedLine Stealer” malware was widely used to steal credentials and other data from Windows users. The malware was available for purchase on the dark web for $800, or as a malware-as-a-service subscription for $200 a month.

Data Breach

Data breaches offer a cybercriminal a way to access stolen passwords and username or email pairs, i.e., login credentials. For example, the Collection 1-5 data breach of 2019 exposed 2.2 billion passwords and email addresses.

Data breaches typically occur via unauthorised access to a database, a security misconfiguration that leaves the database vulnerable, accidental exposure from email mis-delivery, or deliberate hacking. In a cycle of cybercrime, a compromised database then releases more login credentials to carry out further attacks.

Phishing

A popular way to steal passwords is phishing. In fact, the 2022 DBIR noted phishing as one of the top four data breach methods used to gain access to login details. Spear-phishing is a particular issue for system administrators and other privileged users, who are targeted for their privileged-access credentials.

Third-party vendors are also targets in password-related attacks. For example, in the Colonial Pipeline ransomware attack of 2021, a single stolen password belonging to an ex-employee was linked to the attack that caused half of the USA’s fuel supply to be temporarily shut down.

Accidental Exposure and Insider Threats

Employees like to share passwords with colleagues as well as reuse them. A recent survey found that almost 42% of employees share passwords with co-workers. The same study found that 1 in 4 employees still had access to old accounts even after leaving a company.

Accidental password exposure and unauthorised access are significant contributors to cyber attacks and data breaches, with the 2022 DBIR finding that 82% of attacks involve a human element.

Five Quick Tips to Managing Passwords

Here are five tips for managing passwords and reducing risk:

Set Up and Enforce Password Policies

Password policies are the first step in de-risking the use of passwords. Password policies include everything associated with managing passwords and keeping passwords secure. For example, a policy should include the safe storage of passwords and how often a password needs to be changed.

Password policies should also clearly state how employees should create and manage passwords. Policies should be distributed to employees, and management of the policy should be automated across the policy’s lifecycle to ensure it is accepted and understood across the business.
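As an added illustration (not MetaCompliance's own code) of the enforcement half of such a policy, the Python below checks a new password at the moment it is set against three rules drawn from the statistics above: a minimum length, presence in a known-breach list, and reuse of one of the user's recent passwords. The breach list, the threshold values, and the salted PBKDF2 history format are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample breach list, stored as SHA-1 hexdigests the way leaked
# password corpora are commonly distributed. Hypothetical, not a real dump.
KNOWN_BREACHED = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("password", "123456", "qwerty", "letmein")
}

MIN_LENGTH = 12      # assumed policy value
HISTORY_DEPTH = 5    # assumed policy value: how many old passwords may not be reused
PBKDF2_ROUNDS = 100_000


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash used for the password-history store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def was_used_before(candidate: str, history: list) -> bool:
    """history holds (salt, hash) pairs; compare in constant time."""
    return any(hmac.compare_digest(derive(candidate, salt), h) for salt, h in history)


def check_password(candidate: str, history: list) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Breach lists are keyed by SHA-1 of the plaintext, so hash the candidate the same way.
    if hashlib.sha1(candidate.encode()).hexdigest() in KNOWN_BREACHED:
        problems.append("appears in a known breach corpus")
    if was_used_before(candidate, history[-HISTORY_DEPTH:]):
        problems.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
    return problems


def record_password(password: str, history: list) -> None:
    """Append the accepted password to the user's history with a fresh salt."""
    salt = os.urandom(16)
    history.append((salt, derive(password, salt)))
```

Only the salted, stretched hashes of old passwords are retained, so the history store itself does not become another source of cleartext credentials.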

Use a Password Manager

Password managers such as LastPass, together with password generators, reduce password fatigue and can therefore help eliminate password reuse and sharing. If you use a password manager, you technically only need to remember one credential: the master password that logs you into the manager.

Once you have logged into the password manager with your master password, it does the rest: storing, generating, syncing, and updating passwords. Your master password is used to encrypt the passwords stored in your vault.

Password managers are still underused in companies. There are many to choose from, but cloud-based services can be easier to deploy and administer. Look for a password manager that works across operating systems and can protect other types of data as well as passwords.

Use a Second Factor (2FA/MFA)

Using a second factor, such as a mobile authentication code, is a useful way to add another layer of security to application access. However, you should not rely on 2FA to provide risk-free access control.

Cybercriminals are already working out ways to circumvent second-factor authentication. Implement 2FA where you can, but back it up with the next two tips to de-risk passwords:

Train Employees About Password Hygiene

Password policies should reflect the cyber security industry standards for creating, using, and managing passwords. However, enforcing this policy requires employees to understand why secure passwords are essential.

Cyber Security Awareness Training programs typically include modules on creating strong passwords and keeping passwords secure.

Use Phishing Simulations to Reduce Password Theft

Phishing is one of the main methods to steal passwords and other credentials. By training employees on how phishing works and what the tell-tale signs of a phishing message look like, a company can help prevent the theft of credentials via phishing.

Phishing simulation platforms offer a centralised and configurable way to send out simulated phishing messages to staff. An advanced simulated phishing platform will also allow you to tailor the simulated phishing messages to reflect the different roles in your company.

Organisations will likely continue to use passwords for a while to come, adding to the risk of a cyber attack. However, by applying the five tips outlined here, you can de-risk the use of passwords by your employees. These tips help prevent data breaches and ransomware infection and help your company comply with data protection regulations.
