15th April, 2025
Keeping your information safe from the unwanted attention and eyes of others has been an important and fascinating part of security processes for thousands of years.
The ancient Romans created a watchword that had to be written down and changed every day, to literally stop enemies at the gates. Much later, military personnel began to use two-part challenge-response phrases that were used to confirm identity among the initiated. Perhaps the most famous of these was the wonderfully simple example of allied forces shouting ‘Flash’ at strangers during the D-Day landings. If they quickly replied with ‘Thunder’ then you could be confident they were a friend and not a foe.
In 1961, the first ever digital passwords were created to give multiple users access to the Compatible Time-Sharing System (CTSS) computer mainframe at MIT. They were intended to protect personal files and confidential information and to ensure privacy.
Perhaps more importantly, in 1962 the first password breach occurred when a researcher managed to print out the entire password file to give himself more time on the CTSS mainframe. This was officially the first cyber security incident.
Over 60 years later, the philosophy of what is being protected remains exactly the same, but the methods and processes employed are a different world altogether.
Since 2012, the first Thursday of May every year has been recognised as World Password Day. This is a chance to reinforce the importance of good cyber security practices for every organisation, and it encourages us all to go back to the basics of good password and security hygiene & housekeeping.
Interestingly, the first password created all those years ago for the CTSS was CTSS. And it certainly seems that in all the time since, those responsible for cybersecurity have been similarly frustrated and disappointed at how easy it can be for user passwords to be compromised.
The most common stolen and hacked passwords of 2024 were 123456, admin and – wait for it – password. Reports show that this is an incredibly dangerous problem for both business and personal accounts, with a staggering 85% of hacking-related breaches in 2025 implicating weak passwords. These figures go further to suggest that 70% of weak passwords can be hacked in less than a second using simple and easy-to-obtain brute force methods.
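As an added illustration (not code from BCN's article), the sketch below shows the kind of screening a sign-up or password-change form can apply: it rejects the three passwords named above and anything whose exhaustive search space would fall in under a second. The guess rate and all function names are assumptions made for this example.

```python
import math
import string

# The three most common stolen passwords named in the article.
COMMON_PASSWORDS = {"123456", "admin", "password"}

# Assumed offline guessing rate (guesses per second). Illustrative figure
# chosen for this example, not a number taken from the article.
ASSUMED_GUESSES_PER_SECOND = 1e10

# Character classes and their sizes, used to estimate the attacker's alphabet.
CHARSETS = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
)


def search_space(password: str) -> int:
    """Number of candidates an exhaustive search over the used classes must try."""
    alphabet = sum(size for chars, size in CHARSETS
                   if any(c in chars for c in password))
    alphabet = alphabet or 95  # fall-back when no listed class matches
    return alphabet ** len(password)


def log10_seconds_to_exhaust(password: str) -> float:
    """log10 of the worst-case brute-force time; log space avoids float overflow."""
    return math.log10(search_space(password)) - math.log10(ASSUMED_GUESSES_PER_SECOND)


def screen_password(password: str) -> tuple[bool, str]:
    """Return (accepted, reason). Passing is necessary, not sufficient."""
    # The blocklist comes first: 'password' survives about 20 seconds of pure
    # brute force at the assumed rate, but a dictionary attack tries it at once.
    if password.strip().lower() in COMMON_PASSWORDS:
        return False, "on the common-password blocklist"
    if log10_seconds_to_exhaust(password) < 0:
        return False, "exhaustible in under a second at the assumed rate"
    return True, "passes blocklist and search-space checks"


if __name__ == "__main__":
    for candidate in ("123456", "Password", "zxqv1", "correct horse battery staple"):
        print(candidate, "->", screen_password(candidate))
```

A production blocklist would be far longer than three entries; the estimate here is an upper bound on attacker effort, since guessing tools try likely passwords before exhausting the space.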
It’s clear that relying on user-generated passwords for every device, application and digital platform you interact with has not been best practice for at least the last five years. Working in this way becomes impossible to manage and, crucially, puts your users and your entire organisation at greater risk.
Thankfully, enhanced authentication methods are available that can be employed to remove any overreliance on passwords to bolster your cyber security practices on an organisational and user level.
We have created a guide to those methods here with a little bit about how they work, where they can be utilised and why they are important.
Single Sign-On (SSO) is an enhanced authentication process that enables the user to access multiple systems or applications using only one set of credentials. In terms of user experience and reduced cyber security complexity, this can be a transformative way of taking the responsibility away from your team without compromising protection.
SSO is a simple way to greatly reduce the overall attack surface that users must manage. It can also free up a huge amount of user time for higher-value tasks in their work roles. Some studies have suggested that almost an hour a month is lost by an average user maintaining multiple passwords across their digital tools. For an SME it’s easy to see how this can quickly add up in terms of resources needed, IT support required and user productivity affected.
Multi-Factor Authentication (MFA) is a security process that requires two or more forms of verification in order to give the user access to the systems or applications they want to use. It works on the basis of providing at least two of the following elements to act as your secure entry:
MFA is incredibly effective at raising security. Microsoft has stated that using this method correctly can block 99.9% of account compromise cyber-attacks with 96% of phishing scams eliminated and 75% of targeted attacks prevented.
The efficacy of MFA has meant that it is now the standard expected for compliance with many data protection regulations that span several industries, such as GDPR and PCI DSS. It also acts as the perfect security solution for an increasingly hybrid or remote workforce that works across devices in the office and at home.
Tools such as Microsoft’s Authenticator app represent the most efficient way of adding additional security in a user-friendly way with minimal training and maintenance required. However, even without an authenticator app secure access can be provided through text messages or phone calls to verify user identity.
Having a physical object that assumes responsibility for security can be an incredibly reassuring tool. Hardware Security Keys fulfil this while adding another level of cybersecurity complexity in the Multi-Factor Authentication process.
Once you have the security key it must be registered with a supporting platform, account or application that you want to set up access for. With many leading digital companies such as Microsoft, Apple, Google and NordPass offering Hardware Security Key capability, much of an organisation’s workflow can now be secured in this way.
Once again, the process is simple with an initial login prompting a tap or device interaction from the physical key to grant access.
Hardware security keys in particular are part of an industry-wide drive to reduce, and even entirely remove, the need for password access. Fast Identity Online (FIDO) is a rapidly developing way of creating faster and more secure standards for authentication, without passwords, in convenient ways.
As these security alternatives mature and reach much wider adoption, it may very well be that the humble password is consigned to history in the same way as written Roman watchwords and the challenge-response phrases that came before them.
However, until that is the case make sure that you are doing everything in your power to keep yours as safe and secure as possible.
Understanding your current level of protection from cyber threats and potential attacks is more important than ever. The threat landscape is growing every day with any potential weakness exposing vulnerabilities that can have business-crippling consequences.
We can conduct a free cyber security assessment to give you your score and see where improvements must be made. It could make all the difference between the peace of mind from security and the headache of multiple exposed risks across your IT estate.
BCN is a leading UK Microsoft Cloud Solutions partner, fully accredited with all 6 partner designations, including the Microsoft Solutions Partner for Security.
We understand that a cyberattack is more than just an attack on your organisation, it can have an impact on your people, your stakeholders, your customers and your reputation.
The BCN Cyber Security Pledge demonstrates this commitment, with an aim of levelling 100% of our customers to the recommended level of cyber security posture as standard.