A study of 1,000 US employees by Keeper Security has found a majority are using sticky notes to store their work-related passwords.
Keeper’s Workplace Password Malpractice Report – conducted in February 2021 – found not only were passwords not being stored electronically, but employees admitted to having lost the sticky notes with their passwords on.
The security technology firm highlighted these findings are presenting an ‘unprecedented cybersecurity risk for their organizations’.
According to the report, more than half (57%) of employees surveyed were writing work-related passwords on notes. Two thirds (66%) of respondents had lost these notes. Keeper claims this latter fact makes it difficult to know who ultimately has access to sensitive company information.
A majority of the employees (62%) claimed they have a notebook or journal where they stored passwords and logins, while 81% said they kept these notebooks close or next to their work devices, where they could be accessed by any passer-by. The report highlighted this latter trend has increased since the shift to remote working, with 66% respondents stating they’re more likely to write down work passwords while working at home.
Sharing passwords is popular
A majority of respondents (62%) claimed they’ve also shared a work-related password over email or text message, a process which could be potentially intercepted by cybercriminals. Almost half (46%) stated that their company directed employees to share passwords for accounts used by multiple people. Furthermore, 34% of employees shared their passwords with colleagues on the same team and 31% shared this information with their managers. Meanwhile, 14% of respondents shared work-related passwords with a partner.
Quite worryingly, nearly a third of those surveyed (32%) admitted to having logged onto an online account that belongs to a former employer. Keeper noted best security practices dictate that an employee’s accounts should be disabled as soon as they leave the company.
Online password safety shaky
Alongside the study highlighting areas for improvement, it was found that a majority of employees (53%) kept password-protected personal accounts on their work devices, while 44% currently use the same password for both personal and work-related accounts.
In addition, 49% of respondents currently save work-related passwords in a document in the cloud. 51% stated they save passwords in a document in their desktop, while 55% save work-related passwords on their phone.
Personal details remain key password pick
The report found 37% of employees have used their company’s name when forming a new password, while another 34% used their significant other’s name or birthday. Additionally, 31% of respondents used their child’s name or birthday when creating a work-related password.
Keeper Security CEO and co-founder Darren Guccione said, “The transition to a remote working environment has led to even more reckless password management practices, which is very worrying.
“As most employees work from the comfort of their homes, they have become too comfortable with how they create, store and then share these passwords with family and colleagues. The lack of cybersecurity hygiene not only puts the individual at risk but can also present a wide range of negative consequences for their organization. It’s important to remember that following proper security guidelines in a work-from-home environment is just as critical as in an office environment.”
Copyright © 2021 FinTech Global
Copyright © 2018 RegTech Analyst