TL;DR: Password-security cartoons and shareable images are being packaged for onboarding, training, and internal communication to make strong, unique passwords easier to teach and remember, according to Bitwarden. The operational value is real, but only if teams pair awareness content with enforcement, password managers, and lifecycle controls.
NHIMG editorial — based on content published by Bitwarden: password-security cartoons and shareable awareness assets
Questions worth separating out
Q: How should security teams use password education without overrelying on it?
A: Security teams should use password education to reinforce the behaviour they want, not to replace the controls that make it possible.
Q: Why do users still reuse weak passwords even after training?
A: Users reuse weak passwords when the cost of doing the right thing is higher than the cost of taking a shortcut.
Q: What breaks when password guidance is not tied to workflow design?
A: What breaks is behaviour consistency.
Practitioner guidance
- Embed password guidance into onboarding Place password education in the first access journey, where users set expectations and complete initial account setup.
- Standardise password manager enrolment Make password manager use part of default provisioning for new starters and reactivated accounts.
- Measure reuse and workaround behaviour Track signs of credential habit problems such as reused passwords, browser-saved secrets, help desk password resets, and manual sharing.
What's in the full article
Bitwarden's full blog post covers the creative assets and usage ideas this analysis intentionally leaves at the source:
- Downloadable password-security images designed for onboarding workflows and internal training use
- The specific visual themes used across the series, including emojis, characters, and password-manager messaging
- Practical suggestions for sharing the assets across communication and collaboration channels
- Copy-and-paste friendly graphics intended for team education and awareness campaigns
👉 Read Bitwarden's password-security blog post and download the awareness assets →
Password security comics: can they actually change user behaviour?
Explore further
Password awareness is necessary, but it is not a control. Cartoon-based guidance can improve recall and reduce policy resistance, but it does not change access behaviour unless the underlying identity experience also changes. Password reuse, browser storage, and shared workarounds persist when the organisation leaves users to manage complexity on their own. The implication is that awareness content should be judged against identity outcomes, not engagement alone.
A few things that frame the scale:
- 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- Only 44% of developers are reported to follow security best practices for secrets management, according to The State of Secrets in AppSec.
A question worth separating out:
Q: How can organisations tell whether password controls are actually working?
A: Look for operational signals, not campaign engagement. Fewer password resets, lower reuse, reduced browser-saved credentials, and higher password-manager adoption show whether the control model is changing behaviour. If those indicators do not move, the programme is informing users but not governing access effectively.
👉 Read our full editorial: Password security cartoons aim to make strong credentials stick