Employees still have bad password habits, a new survey says
The recent 1008-respondent survey, conducted by Beyond Identity, shows that employees still have alarming password habits. Although the global spending on IT cybersecurity services has increased significantly ( from $52 billion in 2017 to $72 billion in 2021), little progress has been made.
Key highlights from the survey
In the June 2021 study, 1008 respondents were asked about their password habits at work. Considering it was a self-reported survey (mainly relied on honesty), the actual situation should be regarded as slightly more disturbing.
Password storage – to be improved
Although the majority (38%) of employees admitted using the password manager for securing passwords, the other methods to remember them requires extra attention:
- 34% of employees write passwords on the notes and sheets;
- 26% keep them in a document on their PCs;
- 23% save them in browsers;
- 12% email their passwords to their own work accounts.
Respondents were allowed to select a few applicable methods. However, approximately a quarter of respondents (25%) confessed they did not store passwords in any way – relied on their memory.
Secure passwords, protected with questionable methods
A third of respondents (67%) believed they have secure or very secure passwords. Although the passwords are safe, the methods of storing and managing them are not.
First, the employees at large companies mostly did not have any method to track their passwords. In fact, a quarter of respondents admitted still having access to their previous work accounts.
Also, 1 in 5 people confessed to using the same password for work as is their password for the personal bank account or an email.
Lastly, around 10% of employees disclosed they rarely or never change their passwords. The data suggested by the research raises a critical question – do the current password habits of employees in various-sized companies protect the company from a data breach?
Bad password habits raise the risk of data breach.
The 2020 Verizon Data Breach Investigations Report states that roughly 81% of data breaches were caused by poor password security. Consequently, it is not unpredictable that the data from the research reaffirms the statistics provided by Verizon.
In fact, more than 26% of respondents stated that they became the victim of the data breach in one of their work accounts. Alarmingly, as much as 14,4% of employees said they did not inform their employer about the breached work account.
So is there anything an employer can do to improve the situation in the company?
Helping the employees build the right password habits
Workers prove to make (unintentional) mistakes. It is simply a part of being human. Hence, the main takeaway from the survey for an employer is to understand the current landscape and provide employees with the means to minimize those password-related risks.
The data suggests straightforward ways to achieve the increased security.
First, to implement adequate, strict requirements that would oblige the staff to comply with the rules. This would allow staff to regard password security as a critically important principle.
Second, to provide a password manager – a tool to safely keep, share, and manage passwords. Such software simplifies password storage, sharing, and remembering practices to a level that using the tool becomes easier (and immeasurably safer) than sticking to the old password habits.
That is the power a right-fit solution to the well-understood employee’s habits provides.