Cyber security threats continue to rise. The Australian Cyber Security Centre (ACSC) Cyber Threat Report 2024-25 highlights that weak or stolen passwords remain one of the most common entry points for attackers. Whether you are running a clinic, managing a practice, or operating a business, short and simple passwords provide minimal protection against modern attack methods.
How Quickly Can a Password Be Cracked?
Cybercriminals often use brute force and dictionary attacks to guess passwords. A brute force attack systematically tries every possible combination of letters, numbers, and symbols until it finds the correct one. Advances in computing power have made these attacks incredibly fast.
Here’s how quickly modern hacking tools can break passwords, based on the latest Hive Systems 2025 Password Table:
| Password Length | Complexity | Complexity |
|---|---|---|
| 4 characters | Instantly | Instantly |
| 6 characters | Instantly | Instantly |
| 8 characters | Less than 8 seconds | 8 hours |
| 10 characters | 4 minutes | 3 weeks |
| 12 characters | 2 hours | 300 years |
| 16 characters | 1 month | 25 trillion years |
These statistics highlight a simple fact: short passwords are not secure. If you are using passwords that are fewer than 12 characters long, your sensitive data could be at serious risk.
Why Should You Use Longer Passphrases?
A passphrase is a longer, more complex password that consists of multiple words strung together, making it both stronger and easier to remember. For example, instead of using “Passw0rd!”, which can be cracked in seconds, try combining unrelated words with a symbol, e.g., “BluePiano$TigerMountain.”
Here are some benefits of using passphrases:
- Increased Security – 16+ characters make brute force attacks nearly impossible.
- Easy to Remember – A sentence-like phrase is simpler to recall than a random mix of characters.
- Lower Risk of Reuse – Employees tend to reuse short passwords across multiple accounts, which makes them vulnerable if one account is compromised.
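
To make the brute-force and passphrase sections above concrete, here is an added example (not part of the original article) that estimates the search space for random-character passwords and for word-based passphrases. The guess rate and the 7,776-word list size are assumptions chosen for illustration, so the printed times will not match the table above.

```python
import math
import string

# Assumption for illustration: offline guesses per second. Real rates depend
# on the hash algorithm and hardware; this is not the article's table data.
ASSUMED_GUESSES_PER_SECOND = 1e10
# Assumption: words drawn at random from a 7,776-word Diceware-style list.
ASSUMED_WORDLIST_SIZE = 7776

def charset_size(password: str) -> int:
    """Size of the combined character pools the password draws from."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools if any(c in pool for c in password))

def brute_force_bits(length: int, pool: int) -> float:
    """log2 of the number of candidates when every character is random."""
    return length * math.log2(pool)

def passphrase_bits(words: int, wordlist: int = ASSUMED_WORDLIST_SIZE) -> float:
    """log2 of the candidates when the attacker guesses whole words.
    Character count is irrelevant here: only the number of random words counts."""
    return words * math.log2(wordlist)

def worst_case_seconds(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to exhaust the whole search space at the assumed guess rate."""
    return 2 ** bits / rate

def humanize(seconds: float) -> str:
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.0f} {unit}"
    return f"{seconds:.2f} seconds"

def compare() -> list[tuple[str, float, str]]:
    """Rows of (description, bits, worst-case time) for six sample cases."""
    pool = charset_size("aA1!")  # all four pools: 94 printable characters
    cases = [(f"{n} random characters", brute_force_bits(n, pool)) for n in (8, 12, 16)]
    cases += [(f"{n} random words", passphrase_bits(n)) for n in (4, 5, 6)]
    return [(name, round(bits, 1), humanize(worst_case_seconds(bits)))
            for name, bits in cases]

if __name__ == "__main__":
    for name, bits, duration in compare():
        print(f"{name:22} {bits:6.1f} bits  {duration}")
```

Under these assumptions four random words give about the same search space as eight random characters, so a passphrase gains its strength from the number of randomly chosen words rather than from character count alone.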
Benefits of Using a Password Manager
Managing multiple passwords is one of the biggest challenges for businesses. Employees often struggle to remember complex credentials, leading to bad habits like writing them down or reusing the same password across different accounts. A password manager solves this problem.
How a Password Manager Helps
- Creates Strong Passwords – Automatically generates long, complex passwords that are difficult to crack.
- Stores Passwords Securely – No more writing them down or saving them in insecure spreadsheets.
- Auto-Fills Credentials – Saves time by entering login details securely for employees.
- Prevents Phishing Attacks – Since the password manager only auto-fills credentials on legitimate websites, it helps employees avoid fake login pages designed to steal information.
- Reduces IT Support Costs – Employees forget passwords less often, reducing the need for frequent password resets.
While password managers significantly improve security, they are not perfect. Like any risk mitigation strategy, businesses must weigh the risks against the benefits. Strong passwords are essential, but they are only one piece of a broader cyber security strategy, and this is where partnering with a technology solutions and security provider (TSSP) becomes valuable.
Combining a Strong Passphrase with Multi-Factor Authentication (MFA)
Relying on a password alone, even a strong one, is no longer considered enough to protect sensitive data. Hackers have powerful tools that can guess passwords quickly, and stolen passwords are common in data breaches. That’s why a long, unique passphrase is a great first step, but it shouldn’t be your only defense. Adding multi-factor authentication (MFA) makes your accounts much harder to break.
MFA means you need two things to log in:
- Something you know (your passphrase)
- Something you have (like a code from an app or a security key)
When you log in to your email, you enter your passphrase and then confirm your identity by entering a six-digit code from an authenticator app on your phone.
This extra layer means even if someone steals your passphrase, they still can’t get in easily, significantly reducing your risk. By combining a strong passphrase with MFA, businesses can protect against common attacks like phishing and password guessing. It’s one of the simplest and most effective ways to keep your business safe.
Passkeys and Password-less Security
While strong passphrases combined with Multi-Factor Authentication (MFA) significantly improve security, they still rely on passwords. Passwords can be stolen through phishing, reused across accounts, or exposed in data breaches. Even with MFA, attackers can sometimes bypass protections using techniques like SIM swapping or MFA fatigue attacks.
Passkeys eliminate these risks by removing passwords entirely. They use cryptographic keys stored securely on your device and verified through biometrics or a PIN. This means:
- No Passwords to Steal – Phishing attacks become ineffective because there’s nothing to enter on a fake site.
- Stronger Authentication – Passkeys use public-key cryptography, making them resistant to brute force and credential stuffing.
- Simple User Experience – Logging in is as easy as using Face ID, Touch ID, or a device PIN.
- Cross Platform Support – Major platforms like Apple, Google, and Microsoft already support passkeys, making adoption easier.
How Businesses Can Start Implementing Passkeys
Passkeys are a password-less authentication method that uses cryptographic keys stored on a user’s device. They are supported by major technology platforms such as Apple, Google, and Microsoft. Passkeys work by replacing traditional passwords with a secure key pair, a public key stored on the service and a private key stored on the user’s device. Authentication typically involves biometrics (such as fingerprint or facial recognition) or a device PIN.
Implementation generally involves several components:
- Platform Compatibility – Many cloud services, including Microsoft 365 and Google Workspace, have integrated passkey support.
- Authentication Configuration – Identity providers and password managers often include options for enabling passkey-based login.
- Employee Awareness – Understanding how passkeys function and their role in authentication is important for smooth adoption.
- High-Risk Account Coverage – Passkeys can be applied to accounts that handle sensitive data, such as administrative, email, and financial systems.
- Password Manager Integration – Modern password managers increasingly support storing and managing passkeys alongside traditional credentials.
Passkeys are designed to reduce risks associated with password reuse, phishing, and credential theft, while providing a streamlined user experience across devices.
Passkeys vs MFA + Passwords
| Feature | MFA + Passwords | Passkeys |
|---|---|---|
| Password Dependency | Requires a password plus an additional factor | No password required |
| Phishing Resistance | Vulnerable if password is stolen or entered on fake sites | Eliminates phishing risk (no password to steal) |
| Authentication Strength | Relies on password complexity and MFA code | Uses public-key cryptography, resistant to brute force |
| User Experience | Requires password entry and MFA code | Simple login via biometrics or device PIN |
| Cross-Platform Support | Supported by most services with MFA options | Supported by Apple, Google, Microsoft, and major platforms |
Where the Essential Eight Fits In
To help Australian businesses manage cyber security risks, the Australian Cyber Security Centre (ACSC) developed the Essential Eight, a practical framework of eight key strategies designed to prevent attacks, limit their impact, and ensure data availability. These controls are widely recognised by regulators and courts as a benchmark for compliance.
Here’s a quick overview of the eight strategies and why they matter.
| Strategy | What It Means | Why It Matters |
|---|---|---|
| Application Control | Only allow approved apps and programs to run on your systems. | Stops malware from running in the first place. |
| Patch Applications | Regularly update software (e.g., browsers, Microsoft Office, PDF readers). | Fixes security holes that hackers can exploit. |
| Configure Microsoft Office Macro Settings | Block risky macros from running in documents. | Macros are a common way for viruses to get in. |
| User Application Hardening | Disable unnecessary features in apps (like Flash, ads, Java). | Reduces the number of ways hackers can get in. |
| Restrict Admin Privileges | Only IT/admin staff should have full access to systems. Regular users get only what they need. | Limits the damage if someone's account is hacked. |
| Patch Operating Systems | Keeps Windows, macOS, or other operating systems updated. | Prevents known security flaws from being used against you. |
| Multi-Factor Authentication (MFA) | Require users to enter a second code (e.g., from an app or SMS) when logging in. | Makes it much harder for hackers to break into accounts. |
| Regular Backups | Automatically back up your data, and test restoring it. | Essential if you're hit by ransomware or system failure. |
Working with a Technology Services and Security Provider (TSSP)
Cyber security can feel overwhelming, especially for busy practice owners, clinic managers, and small business owners, including sole traders, who are focused on delivering services, not managing IT systems.
Navigating the complexities of commercial-level cyber security can be overwhelming. A technology services and solutions provider offers the expertise needed to help business owners manage their cyber security needs effectively.
By partnering with a technology services and security provider, businesses can leverage advanced security measures without the need for an in-house team. This ensures that the business’s digital assets are well-protected and compliant, allowing the business to focus on what’s important.
That’s where a Technology Solutions and Services Provider (TSSP) comes in. A TSSP provides expert guidance, tools, and ongoing support to help businesses implement and maintain robust cybersecurity measures, including the Essential Eight strategies recommended by the Australian Cyber Security Centre.
How We Can Help
Harvey Norman Technology for Business specialises in complete IT solutions that enhance cyber security, protect critical data, and maximise the efficiency of your IT systems, specifically designed for all businesses, including sole traders.
- Simplified IT | Enterprise-grade solutions, secure networks, and expert technology services made easy and stress-free.
- Proactive Protection | 24/7 monitoring, real-time threat detection, compliance-ready security, and preventative system maintenance.
- Cyber security | Secure backups, recovery management, advanced threat protection, and rapid incident response.
- Local Expertise, Nationwide Support | Access to a world-class help desk, backed by personalised service and the support of a trusted national brand.
We understand the challenges of staying ahead of evolving cyber threats, compliance regulations, and maintaining optimal IT performance. Our goal is to help businesses safeguard sensitive business data, minimise risk, enhance system efficiency, and stay protected.
With years of industry experience, a dedicated team, and valuable industry insights, we deliver advanced solutions that protect IT systems, keep businesses secure and compliant, and reduce exposure to risk, all while ensuring compliance with Australian laws and regulations.
Here’s how we support you:
- Advanced cyber security solutions to protect against emerging threats
- Insights on Australian laws and regulations
- Proven strategies to secure sensitive financial and customer information
- Best practices for security, compliance, and risk management
- Proactive management of your IT system environment, reducing risk and ensuring optimal performance
- Help desk support for all IT-related issues
- 24/7 monitoring by an expert security team
We believe all businesses, no matter the size, deserve reliable and affordable cyber security and IT solutions. We are committed to delivering secure, reliable, and easy-to-implement solutions that safeguard businesses and help them thrive.
Harvey Norman Technology for Business is a trusted partner, empowering business owners with cyber security and technology solutions to keep their business safe, secure, and ready for growth.
Conclusion
Cyber threats aren’t just a concern for large businesses. Whether you have 0 employees or over 300, hackers know smaller businesses often have weaker security measures, making them prime targets. According to the ASD Cyber Threat Report 2024-25, cybercrime reports have increased 23%, and the average cost of an incident for small businesses is now over $56,000. That’s a cost most businesses cannot afford.
Implementing simple steps like using strong passphrases and a password manager can drastically reduce your risk. Add Multi-Factor Authentication (MFA), and you have built a powerful defense against common attacks like phishing and credential theft.
Protect your business with Harvey Norman Technology for Business. We make enterprise-grade cyber security simple, affordable, and designed for small to medium-sized businesses and sole traders.
