Skip to main content

An unbelievable number of people can still break into old work accounts

passwords
(Image credit: Natty_Blissful / Shutterstock)
Audio player loading…

Many businesses are not doing enough to control access to work-related accounts, despite the distinct threat posed by insiders, new data suggests.

According to a report (opens in new tab) from authentication firm Beyond Identity, almost a quarter of people still have access to accounts from previous jobs, exposing companies to data theft and sabotage by disgruntled ex-employees.

Based on a poll of 1,000 workers, the report also highlights dangers associated with password (opens in new tab) sharing, which is commonplace across many businesses. Of those surveyed, just under half (41.7%) admitted to sharing workplace passwords with either co-workers, contractors, or family and friends.

Data shared exclusively with TechRadar Pro shows that password sharing goes on most frequently among employees in management positions, many of whom are likely to have access to a significant quantity of sensitive corporate data.

Ironically, employees of this type were also most likely to say that password sharing should be made a sackable offence, highlighting a wilful disregard for password best practices.

Password security

The reason for poor password hygiene almost always comes down to convenience, with under-pressure employees seeking ways to streamline workflows and avoid friction associated with measures such as two-factor authentication.

Almost half of respondents said that strict password policies have a direct impact on productivity and, for this reason, one in ten rarely or never change their passwords (with the rate rising to 20% among small companies). 

Many employees also use a single universal password across work and personal accounts, increasing the risks associated with credential stuffing attacks, should credentials be exposed in a third-party data breach.

To rectify the issue, Beyond Identity has called on businesses to abandon the password forever, in favor of alternative authentication methods that are not detrimental to productivity, nor vulnerable to abuse.

"While companies do all they can to protect against the threat of cyber attacks and data breaches, they may never truly be safe without passwordless authentication. Good password hygiene hinders good product usability by causing friction during the login process. Even when businesses implement strict password policies, they can be undermined by lax password habits among employees,” explain Jasson Casey, Beyond Identity CTO.

“Reusing work passwords for personal accounts, sharing passwords among colleagues, former employees maintaining access to their credentials, and infrequently changing passwords are just some of the ways in which requiring employees to use passwords may be leaving employers’ data vulnerable."

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.