Stop Bad Passwords Before They Stop You.
- Esteffan Coetzee
- 1 day ago
October arrives. Attention is high. Time… not so much. So to save you time, we’ve focused on the four biggest wins: stronger passwords, password manager adoption, MFA everywhere, and a first step into passkeys. Result: better logins, fewer resets, and a safer team.
Use this four-week plan to run high-impact awareness with minimal effort.

Week 1 - Passwords: Long, Unique, Unbeatable
Why this week matters:
Weak or recycled passwords are the speed run to a breach. Start by fixing the basics.
Fun fact: 81% of hacking-related breaches come from weak or reused passwords.*
Source - Spacelift
Behavioural checklist for this week:
🔒 Create long passphrases (12+ characters)
🚫 Stop reusing passwords across accounts

Week 2 - Password Managers: One Vault, Many Wins
Why this week matters:
People won’t remember 100+ unique passwords. Tools will.
Fun fact: The average worker manages ~87 work passwords, yet only ~36% of U.S. adults use a password manager. Huge room for easy wins.*
Source - NordPass
Behavioural checklist for this week:
🛠️ Install/enable your approved password manager
➕ Use it to generate and save unique passwords by default

Week 3 - Multi-Factor Authentication (MFA)
Why this week matters:
When (not if) a password leaks, MFA keeps the door shut.
Fun fact: Microsoft’s telemetry shows MFA can block >99.9% of account-compromise attempts; guidance in 2025 still cites >99.2% protection. Turn it on everywhere you can.*
Source - Microsoft
Behavioural checklist for this week:
✅ Turn on MFA wherever it’s offered
🛑 Recognise and deny “push-fatigue” approval spam

Week 4 - Passkeys: Phishing-Resistant by Design
Why this week matters:
Passkeys replace passwords with device-bound keys—nothing to type, nothing to steal.
Fun fact: 15B+ online accounts can now leverage passkeys; Google alone reports 400M+ accounts using passkeys with 1B+ sign-ins. They’re phishing-resistant by design.*
Source - FIDO Alliance
Behavioural checklist for this week:
📲 Enrol a passkey on at least one supported service
🔁 Keep MFA on for any accounts that don’t support passkeys yet