Why Google and Microsoft Are Sounding the Password Only Alarm
As cyber threats continue to evolve, two of the world’s largest technology provider, Google and Microsoft, have issued warnings to users. Traditional password only security is no longer fit for purpose.
At Speedster IT, we have seen first-hand how UK businesses are increasingly exposed to credential-based attacks, and we strongly support the shift towards more secure authentication methods like Multi-Factor Authentication (MFA) and passkeys.
The Password Problem: Why It is Time to Act
Passwords have long been the weakest link in digital security. Despite years of awareness campaigns, many organisations still rely on outdated login practices. The consequences are serious.
- Phishing Attacks in the UK are becoming more sophisticated, targeting employees with convincing fake emails and login pages.
- Credential stuffing uses leaked passwords from one service to breach others, especially when staff reuse credentials.
- Brute-force attacks exploit weak or predictable passwords, often with automated tools.
- Microsoft reports blocking over 7,000 password attacks per second globally.
- Google’s own data shows that 37% of successful breaches stem from stolen or weak credentials. These are not theoretical risks, they are happening every day.
MFA Security UK and Passkeys: The Modern Defence
At Speedster IT, we advise our clients to adopt a layered approach to authentication.
- Multi-Factor Authentication (MFA): This adds a second layer of verification, such as a mobile prompt or biometric check, making it significantly harder for attackers to gain access.
- Passkeys: These are a secure, passwordless authentication login methods that uses device-based credentials or biometrics. They are phishing-resistant, easy to use, and eliminate the need to remember passwords altogether.
Microsoft has already begun phasing out password storage in its Authenticator app, while Google has rolled out passkey support across Chrome and Android.
Going Password Less What This Means for UK Businesses
For UK organisations, especially SMEs, the message is clear. it is time to modernise your authentication strategy.
With hybrid working, cloud adoption, and increased reliance on digital tools, the attack surface has grown. Cybercriminals are targeting businesses of all sizes, and weak credentials are often their way in.
At Speedster IT, we recommend the following UK business cyber security.
- Auditing your current login systems to identify vulnerabilities.
- Enabling MFA across all platforms, including Microsoft 365, Google Workspace, and any cloud-based tools.
- Rolling out passkeys where supported, especially for staff using modern devices.
- Educating employees on phishing risks and secure login practices.
- Partnering with a trusted IT provider to ensure compliance with UK data protection laws and cybersecurity standards.
We believe the shift to password less authentication is not just a technical upgrade, it is a strategic move to protect your business.
Speedster IT Guide – Protecting Your Business from Password Threats with MFA and Passkeys
We have put together a list of questions with answers we are often asked, when moving to a passwordless future.
- Are passwords still safe for business accounts?
No, passwords are the most common entry point for cyberattacks and should no longer be relied on alone. - What are the risks of not using MFA or passkeys?
Your business is exposed to phishing, credential theft, and account takeover. - Can passkeys prevent phishing attacks?
Yes, passkeys are phishing-resistant and do not rely on shared secrets like passwords. - How do I set up passkeys for my business?
Enable passkeys via your identity provider or device settings, Speedster IT can do this for you. - Can passkeys replace passwords for all employees?
Yes, with compatible devices and proper rollout planning. - How can UK businesses transition to passwordless authentication?
Start with MFA, then phase in passkeys across supported platforms with staff training. - What is the cost of implementing MFA and passkeys?
Most MFA tools are low-cost or included in existing subscriptions; passkeys require minimal investment. - Are passkeys compliant with UK data protection laws?
Yes, they enhance data protection and align with GDPR by reducing credential exposure. - How do I train staff to use MFA and passkeys?
Use visual guides, workshops, and hands-on sessions. Speedster IT offers tailored Cyber Security Training for Employees. - What are the best MFA tools for small businesses?
WatchGuard Authpoint, Microsoft Authenticator, Google Authenticator are reliable and easy to deploy. - Should we stop using passwords altogether?
Yes, where possible, replacing passwords with passkeys reduces risk and improves user experience. - What is the future of login security for businesses?
Passwordless authentication will become the norm, led by biometrics and device-based credentials. - How do passkeys fit into a Zero Trust strategy?
Passkeys strengthen identity verification, a core pillar of Zero Trust, by removing vulnerable passwords.
Cyber insurers are increasingly requiring MFA and passkeys as part of their risk assessments and policy conditions.
As cyber threats grow more sophisticated, insurers are tightening their underwriting criteria, especially around identity protection. Multi-Factor Authentication (MFA) and passkey-based login systems are no longer just best practices; they’re becoming baseline requirements for cover. Many insurers now scrutinise whether businesses enforce MFA across critical systems, including email, remote access, and admin consoles.
Likewise, passkeys phishing-resistant credentials backed by biometrics or device-based authentication, are gaining traction as a preferred alternative to passwords. Organisations that fail to implement these controls may face higher premiums, reduced coverage, or even denial of claims following a breach.
By adopting MFA and passkeys, businesses not only strengthen their security posture but also demonstrate cyber maturity, an increasingly vital factor in securing affordable, comprehensive cyber insurance.
Next Steps with Speedster IT
If your business has not yet adopted MFA or passkeys, now is the time. Speedster IT offers:
- Security audits and risk assessments
- MFA and passkey implementation
- Staff training and onboarding
- Ongoing support and compliance guidance
Speedster IT is here to help UK businesses stay ahead of evolving threats. If you would like support implementing MFA, passkeys, or a full cybersecurity audit, contact our expert team today.
Let us secure your business together.
With over 15 years at Speedster IT, I’ve built a career around helping businesses navigate the evolving world of technology. I publish all the content for the IT Support London Blog and Cyber Security Blog, where I share practical insights on infrastructure upgrades, cybersecurity trends, and smart IT strategies for growing companies.
