A majority of employees still regularly scribble work-related passwords (opens in new tab) on sticky notes, putting them at risk of cyberattacks, a new survey has warned.
The cavalier attitude towards passwords was discovered as part of the survey commissioned by Keeper Security, makers of the Keeper password manager (opens in new tab), based on interviews with a thousand US-based employees.
Worryingly while 57% of the respondents say they have scribbled work-related passwords on sticky notes, a sizable majority (67%) also admit to losing track of these notes at some point.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
>> Click here to start the survey in a new window (opens in new tab)<<
Keeper suggests that the trend of jotting passwords on paper seems to have accelerated in the post Covid-19 remote-first work environment (opens in new tab). The survey found two-thirds (66%) of those surveyed agreeing that they’re more likely to write down work-related passwords when working from home than they are while working in the office.
- We’ve also rounded up the best business password managers (opens in new tab)
- Shield yourself with these best identity theft protection services (opens in new tab)
- Secure your credentials with one of the best security keys (opens in new tab)
Poor password management
Despite the widespread availability of password managers (opens in new tab), most respondents continue to store password unencrypted even when storing them digitally.
The report has several evidence of such poor password security practices. For instance, 49% of the respondents save work-related passwords in an unencrypted document in the cloud (opens in new tab). A higher number (51%) just simply bung the password in a document that’s saved on their computers (opens in new tab).
The most popular digital means of storing the password though is the phone, with 55% of the respondents choosing to make a note of their work-related passwords on the device that’s easy to break into, or get stolen.
On top of all this, the passwords too are usually weak and easy to guess, with 37% of the respondents using their employer’s name, significant other’s name or birthday in a work-related password.
Another example of poor password management is that 44% employees admit to using the same password for both personal and work-related accounts.
And it’s not just the employees. The survey finds that often poor password management practices extend from the top.
Nearly half of respondents (46%) report that their company encourages sharing passwords for accounts that are used by multiple people.
Furthermore, around 32% have admitted to accessing an online account belonging to a previous employer, which is a clear indication that many employers don’t disable accounts when employees leave the company.
"The transition to a remote working environment has led to even more reckless password management practices, which is very worrying," said Darren Guccione, CEO and Co-Founder of Keeper Security.
"As most employees work from the comfort of their homes, they have become too comfortable with how they create, store and then share these passwords with family and colleagues. The lack of cybersecurity hygiene not only puts the individual at risk, but can also present a wide range of negative consequences for their organization. It's important to remember that following proper security guidelines in a work-from-home environment is just as critical as in an office environment."
- Protect your devices with these best antivirus software (opens in new tab)