Business and Enterprise
Protect your company from cybercriminals.Start Free Trial
Keeper surveyed over 1,000 employees in various industries regarding their password-related behavior – the results were alarming.
A Few Highlights
Save passwords on sticky notes
Save passwords in unprotected, plain-text documents
Share passwords by text message and email
Read the full report below to learn about these password-related security issues and how to protect your organization against the most common cyber attack vector.
Poor password hygiene in the workplace was a threat to organizational cybersecurity even before the COVID-19 pandemic. When COVID-19 forced organizations worldwide to rapidly deploy and secure remote workforces, teams began connecting to organizational resources remotely, in environments that their employers did not control, many times using their own devices.
Respondents to the Ponemon Institute’s Cybersecurity in the Remote Work Era: A Global Risk Report, commissioned by Keeper Security in 2020, expressed grave concerns over password security in their organizations:
The pandemic pushed organizations to rapidly deploy a host of new technologies to keep remote employees connected, collaborating, and working. From Zoom to Google Workspace to Slack, employees had to sign up for yet more online accounts — and keep track of yet more passwords.
Keeper wondered how much password security had changed since companies moved to remote work environments. Were remote employees following simple best practices to secure their passwords, or were they falling prey to “password fatigue” and engaging in bad habits that lead to significant cybersecurity risks? This is why Keeper, in partnership with Pollfish, conducted the Workplace Password Malpractice Survey.
While Ponemon surveyed organizational leaders, we decided to go straight to employees for this survey, and we queried 1,000 full-time workers in the United States about their password habits. The survey was completed in February 2021, and consisted of only individuals who used passwords to log into work-related online accounts
Following are the most important findings from the survey. The full data can also be viewed here.
Our survey found that U.S. employees are not following best practices when storing and tracking their work-related passwords, presenting major cybersecurity risks for their employers
Using a pen and paper to keep track of passwords has become even more problematic in the remote work world. Most workers (66%) say that they’re more likely to write down work-related passwords when working from home than they are while working in the office.
Even when using digital methods to track and store their passwords, U.S. employees are engaging in poor password security practices.
Storing passwords in unencrypted files is extremely risky. All a cybercriminal needs to do is breach the cloud storage, computer, or mobile device and they can access all of the employee’s passwords.
A strong, random password consists of a random string of uppercase and lowercase letters, numerals, and special characters. However, many respondents admitted to using passwords that contain personal details, which cybercriminals can easily find on social media channels.
Password re-usage between personal and work-related accounts has become a big cybersecurity risk for companies, with 44% of respondents admitting to reusing passwords across personal and work-related accounts and 53% admitting to keeping password-protected personal accounts on their work devices.
Many U.S. employees are not exercising care regarding whom they share their work-related passwords with. This puts organizations at risk of being breached should these passwords wind up in the hands of someone who is careless or who has malicious intentions.
Even absent a data breach, an employer could be found out of compliance and assessed very large penalties if it is discovered that unauthorized parties have viewed compliance-protected data.
Our survey found that shared passwords in the workplace are common.
The best thing to do is to give every user a unique password for every work-related account or application, which can be practically done by utilizing the use of an Enterprise Password Management (EPM) platform. Password-sharing in the workplace is safe if the passwords are shared securely, and if passwords are shared only with unauthorized parties.
Our survey results indicate that many U.S. employers are not exercising risk mitigation strategies to help ensure safe password-sharing.
Adopting and implementing an enterprise password management platform such as Keeper Enterprise would cure the password malpractice uncovered in this survey. Keeper’s zero-knowledge password encryption and zero-trust framework provides advanced password management, secure sharing, and other security capabilities.
IT administrators and leaders gain complete visibility and control into employee password practices, including:
The Dark Web contains over 15 billion stolen login credentials. Discover if your organization’s passwords have been stolen in a data breach by scanning your email for free.
Get results instantly.
Keeper helps protect your company from employee password malpractice with our enterprise password management (EPM) platform.
Enforce minimum password strength requirements and see who is using weak or reused passwords with the Admin Console.
Plus, each business user gets a free family account so that they can protect their own personal logins as well.
While passwords are one of the most important barriers to keeping companies secure, we know there are other things employees can do to help.
Take a look at this infographic with 7 items you should include in your training program that will help improve cybersecurity.