MSPs
PASSWORD PERIL
Weak credential practices are leaving gaps that cybercriminals are exploiting
Chris Skipworth, CEO of Passpack, outlines the everyday password habits that are exposing MSPs and their clients to avoidable risk — and what must change to restore control.
Ask any attacker where to find the most value for the least effort, and the answer would probably be the managed service provider. MSPs hold admin credentials, privileged logins, and client system access across every environment they manage, all flowing through a single provider. Compromise one credential in the right place, and the blast radius extends far beyond a single organisation. For attackers, that leverage is worth targeting. For MSPs, it raises a profound question: Is how we manage credentials actually appropriate for the level of access we hold?
MSPs often accumulate credentials the way they accumulate complexity: gradually, informally, and without a clear view of the whole. A new client is onboarded, logins are handed to technicians, and systems go live. Then another client, then another. Before long, hundreds of credentials are spread across a team with no single owner and no clear map of who has access to what, or why.
Smaller providers are especially exposed. Without a defined policy, credential management defaults to whoever is most technical or whoever set the account up first. Passwords may end up in spreadsheets. Access might be shared over email. A technician leaves, and their client logins persist because no process exists to revoke them. Larger MSPs face the same issue at scale: more clients, more systems, more credentials, and more ways for access to sprawl unchecked. The attack surface is already large; informal processes expand it further.
The breach data reflects this. CyberSmart’s MSP research found that 69% of MSPs experienced multiple breaches in the past year. The reason is the breadth of access they hold across client environments, compounded by inconsistent credential governance that could leave access less tightly controlled than it should be.
42 | May/June 2026
www.pcr-online.biz