Skip to main content

How Password Management Best Practices Are Evolving

  |  Dashlane

Technology is evolving more rapidly than ever. What was once standard (like software on discs and .mp3 players) has now made way for a more connected virtual world with things like SaaS (Software as a Service) and music subscription platforms. So it’s no surprise that password management standards have also evolved. Read on to see how to keep up and learn what you can do to get ahead.

Want to learn more about using a password manager for your business?

Check out Dashlane's password manager for small businesses or get started with a free business trial.

The evolution of passwords as a security tool 

Decades ago, passwords were developed as a simple way to protect sensitive information. But this technique hasn’t kept up with the pace of digital technology. Today, compromised passwords are the fastest and easiest way for bad actors to gain unauthorized access to your organization’s data and systems.

And cybercriminals don’t have to look very hard to find these proverbial keys to the kingdom.

The astonishing number of compromised credentials available on the dark web is growing fast. Researchers found more than 6.7 billion unique credential pairs—combinations of usernames and passwords—on the dark web in 2022. This was a 34% increase from 2020.

Research shows that credentials are the main path that leads malicious actors into your organization. Last year, credentials were involved in about half of all data breaches that weren’t the result of error or misuse—far ahead of other tactics like phishing and vulnerability exploitations.

As the industry looks for ways to combat the password problem, a passwordless future is on the horizon. Passwordless authentication verifies user identity without requiring a password and uses an authenticator like a smartphone.

This promising development, however, is in its early stages, and wide adoption is years away. Passwords, in fact, may never completely disappear. In the meantime, implementing best practices for password management is critical for every business in the digital age. To make the transition seamless for your organization, any new authentication solution you implement should support both passwords and passkeys (passwordless authentication credentials).

Evolving best practices for password management 

Password management practices, too, have evolved through the years. Not long ago, one common piece of advice was to change passwords regularly—as frequently as monthly or quarterly. Security experts have since learned that this policy only compels people to create easy-to-guess passwords and reuse passwords across accounts. Malicious actors count on both of these behaviors, using various tactics to crack weak passwords or leverage stolen credentials.

Current best practices include using a different strong password for each account, avoiding the use of personal information and dictionary words in passwords, and not sharing passwords through unsecured methods such as collaboration apps and email.

However, requiring employees to follow these practices without a proper tool doesn’t lead to compliance. That’s one reason security experts recommend adopting a password manager across your organization. Password managers are designed to help your employees create, store, share, and manage passwords securely and conveniently.

Circle charts and statistical graphics containing the following information on the state of today’s threat landscape: 77% of organizations report an increase in disruptive cyberattacks in the past 12 months, compared to only 59% in the previous year. 68% increase in the number of data compromises in the U.S. in 2021. 86% of organizations experienced bulk phishing attacks in 2021, compared to 77% in 2020. $4.9 million is the average cost of data breaches caused by phishing, which is the second most common cause of a breach. And the number one tactic leading to data breaches is the use of stolen credentials.

Password managers as a compliance tool 

Recently, government entities, regulatory bodies, and industry groups have placed more emphasis on implementing a password policy and password management practices. One example is an August 2022 circular from the U.S. Consumer Financial Protection Bureau (CFPB), which stated that inadequate security of sensitive consumer data could violate prohibitions of unfair practices.

The bureau stated that cyberattacks could cause substantial harm to consumers and that failure to implement basic security practices significantly increases the likelihood of an unfair practices violation. One of the three best practices that the  CFPB recommended to avoid noncompliance is implementing password management policies and procedures.

While the advancement of technology certainly isn’t slowing down, there are ways to make sure you don’t get left behind. The right resources can act as partners in your virtual journey and help you stay ahead of the curve and in the know.

A good foundation is the key to building your cybersecurity knowledge base.

Check out our white paper, Password Management 101, to get a firm grasp on password management best practices and learn how to safeguard your organization.


  1.  EY, “Global Information Security Survey,” 2021.
  2.  Identity Theft Resource Center, “Data Breach Annual Report,” 2021.
  3. Proofpoint, “State of the Phish,” 2022.
  4.  IBM Security, “Cost of a Data Breach Report,” 2022.
  5.  Verizon, “Data Breach Investigations Report,” 2022

Sign up to receive news and updates about Dashlane