Worrying amount of staff members would sell passwords to outsiders

Staff members are always a potential vulnerable point when it comes to the security of a business, whether the damage caused by them is down to simple human error or actively malicious deeds, and new research has underlined a practice in the latter category.

The new survey, commissioned by SailPoint, found that 16% of employees would happily sell a password to an outsider – and more than half of those would flog off said password for a fee of £700 or less.

That figure is up a couple of percentage points on last year, as is the number of staff members who use the same password across various different applications – not a malicious action but most certainly a stupid one.

Last year, 56% of respondents said they shared passwords among applications – which as we all know is a terrible security practice for so many reasons – but that rose strongly to 65% this year.

It's bad enough when members of the public reuse the same password across services, let alone workers who are potentially exposing their company to a great deal more pain in the event of a compromise.

In-house sharing

The research (which CBR Online spotted) also highlighted the fact that a third of workers shared passwords with their colleagues in-house (by extension, increasing the risk that said password might be sold on by nefarious types, seeing as it's being spread around more staff members).

In short, businesses still have a lot to do to tighten their password security, and as ever much can be achieved by educating employees on best practice with passwords (or at the very least, avoiding worst practice).

• Google wants to eliminate passwords, but will that work in IT?