When COVID-19 forced organizations worldwide to rapidly deploy and secure remote workforces, teams began connecting to organizational resources remotely, in environments that their employers did not control, many times using their own devices.
Keeper wondered about the impact of widespread remote work on password security. Were remote employees following simple best practices to secure their passwords, or were they falling prey to “password fatigue” and engaging in bad habits that lead to significant cybersecurity risks?
This is why Keeper conducted the Workplace Password Malpractice Report, which surveyed 1,000 employees across the U.S. about their work-related password habits. The survey was completed in February 2021, and consisted of only individuals who used passwords to log into work-related online accounts.
U.S. Employees Aren’t Following Basic Best Practices for Password Security
Over half of respondents (57%) admit to writing down work-related online passwords on sticky notes, and the majority (67%) admit to having lost these notes. An even larger percentage of respondents (62%) store login credentials in a notebook or journal, and the overwhelming majority (82%) say that they keep these notebooks next to or close to their work devices, where they can be accessed by anyone else who lives in or is visiting their home.
Even when using digital methods to track and store their passwords, U.S. employees are engaging in poor password security practices. Nearly half of respondents (49%) save work-related passwords in a document in the cloud. Just over half (51%) say that they currently save these passwords in a document saved on their computer, and well over half (55%) save work-related passwords on their phone.
U.S. Employees Are Using Weak Passwords
A strong password consists of a random string of uppercase and lowercase letters, numerals, and special characters. However, many respondents admitted to using passwords that contain personal details, which cybercriminals can easily find on social media channels. Thirty-seven percent of respondents have used their employer’s name in a work-related password, 34% have used their significant other’s name or birthday, and 31% have used their child’s name or birthday.
Increasing the likelihood that a work-related password could eventually be compromised, 44% of respondents currently reuse passwords across personal and work-related accounts, and 53% admit to keeping password-protected personal accounts on their work devices.
U.S. Employees Are Sharing Work-Related Passwords With Family Members
Over the past year, 14% of respondents have shared their work-related passwords with their significant other or spouse, while 11% of respondents have shared work-related passwords with another family member.
This puts their employers at risk of being breached should these passwords wind up in the hands of someone who is careless or who has malicious intentions. Even if a data breach doesn’t occur, an employer could be found out of compliance, and assessed very large penalties, if it is discovered that unauthorized parties have viewed compliance-protected data.
Workplace Password Sharing is Common, and it’s Not Being Done Safely
Nearly half of respondents (46%) report that their company shares passwords for accounts that are used by multiple people. Over a third (34%) have shared work-related passwords with colleagues on the same team, 32% have shared work-related passwords with their managers, and 19% have shared their passwords with their executive team.
Password-sharing in the workplace is safe if the passwords are shared securely, and if passwords are shared only with authorized parties. Our survey results indicate that in many cases, passwords aren’t being shared securely. Sixty-two percent of respondents report sharing a work-related password over text message or email, which could be intercepted by cybercriminals in transit. Additionally, 32% admit to accessing an online account belonging to a previous employer, which indicates that many employers are not disabling accounts when employees leave the company.
Learn More at Our Upcoming Webinar
Do a deep dive into the Workplace Password Malpractice Survey findings. Join Keeper CEO and Co-Founder Darren Guccione, along with world-renowned author and cybersecurity expert Dr. Eric Cole, on Tuesday, April 13, at 1:00 PM CDT/2:00 PM EDT, as they discuss the findings of Keeper’s report in detail and examine how to safeguard your organization against cyberthreats. Sign up for the webinar here.