Workers 'Fess Up to Unsafe Password Practices

Passwords remain central to cybersecurity, yet most people still handle them poorly, even as high-profile data breaches become the norm. In a recent survey, almost half of US workers admitted to unsafe password practices of various stripes.

Only 56% of employees surveyed in research from Software Advice are confident that their password usage habits in the workplace are secure. Many employees are also not required to follow basic best practices at work: only 54% say creating complex passwords is mandatory. A mere 17% of employees are using multi-factor authentication to enhance their password security at work. That’s slightly above the 14% of employees who report using any form of biometric authentication (e.g., fingerprint scans) in the workplace.

On the positive side, password reuse is less endemic in the workplace than among consumers, with only 31% of employees admitting to this versus 69% of consumers. Yet, the average person now has a whopping 19 passwords to remember.

“In the wired 21st century, passwords are proliferating at an alarming rate,” the firm said in the report. “It’s no surprise, then, that users often succumb to password fatigue and commit such security sins as using passwords based on names or words culled from a dictionary, reusing passwords or writing them down on pieces of paper that are left lying around the office.”

The rules for strong passwords are well known, the firm points out: at least eight characters, plus a mix of upper and lowercase letters, symbols and numbers. Delving deeper, the report shows that 29% of respondents say their password choices are “extremely secure,” while 27% opt for “very secure.” This makes for a slim majority of 56% who are confident in the strength of their passwords.

“However, a 56% confidence rate is hardly reassuring,” the report noted. “After all, if only 56% of US surgeons were confident that their instruments were clean, millions of people would be far more reluctant to go under the knife for even routine outpatient operations.”

Meanwhile, 34% of respondents hedge their bets, choosing only “moderately secure.”

Other password sins are less common. Only 10% of respondents admit to using “simple” passwords, while a mere 8% admit to sharing passwords with colleagues (and only 1% admit to sharing them with people outside work). Only 4% admit to writing their passwords down on paper and leaving them visible on desks.

“Here, though, it matters who may be in that 8%,” Software Advice said. “If an employee with a high degree of access privileges shares passwords, it can be much more harmful than, for instance, if a member of the marketing department with no access to vital business data does so.”
