Stop using sticky notes to write down passwords

(Image credit: Shutterstock)

A majority of employees still regularly scribble work-related passwords on sticky notes, putting them at risk of cyberattacks, a new survey has warned.

The cavalier attitude towards passwords was discovered as part of the survey commissioned by Keeper Security, makers of the Keeper password manager, based on interviews with a thousand US-based employees.

Worryingly while 57% of the respondents say they have scribbled work-related passwords on sticky notes, a sizable majority (67%) also admit to losing track of these notes at some point. 

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Keeper suggests that the trend of jotting passwords on paper seems to have accelerated in the post Covid-19 remote-first work environment. The survey found two-thirds (66%) of those surveyed agreeing that they’re more likely to write down work-related passwords when working from home than they are while working in the office.

Poor password management

Despite the widespread availability of password managers, most respondents continue to store password unencrypted even when storing them digitally.

The report has several evidence of such poor password security practices. For instance, 49% of the respondents save work-related passwords in an unencrypted document in the cloud. A higher number (51%) just simply bung the password in a document that’s saved on their computers

The most popular digital means of storing the password though is the phone, with 55% of the respondents choosing to make a note of their work-related passwords on the device that’s easy to break into, or get stolen.

On top of all this, the passwords too are usually weak and easy to guess, with 37% of the respondents using their employer’s name, significant other’s name or birthday in a work-related password.

Another example of poor password management is that 44% employees admit to using the same password for both personal and work-related accounts.

And it’s not just the employees. The survey finds that often poor password management practices extend from the top. 

Nearly half of respondents (46%) report that their company encourages sharing passwords for accounts that are used by multiple people. 

Furthermore, around 32% have admitted to accessing an online account belonging to a previous employer, which is a clear indication that many employers don’t disable accounts when employees leave the company.

"The transition to a remote working environment has led to even more reckless password management practices, which is very worrying," said Darren Guccione, CEO and Co-Founder of Keeper Security. 

"As most employees work from the comfort of their homes, they have become too comfortable with how they create, store and then share these passwords with family and colleagues. The lack of cybersecurity hygiene not only puts the individual at risk, but can also present a wide range of negative consequences for their organization. It's important to remember that following proper security guidelines in a work-from-home environment is just as critical as in an office environment."

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.