According to Keeper Security’s Workplace Password Malpractice report, many remote workers do not follow password security best practices.
Password security was an issue even before the advent of widespread remote working. So what happened after the pandemic? Keeper Security’s Workplace Password Malpractice report set out to find out.
In February 2021, Keeper surveyed 1,000 employees in the United States about their work-related password habits – and found that many remote workers are letting password security slip.
Here are 5 critical password security rules they ignore.
1 – Always use strong passwords
Strong passwords are at least eight characters long (preferably more) and consist of random strings of letters, numbers, and special characters. Passwords should never include dictionary words, which are easy to guess, or personal details, which cybercriminals can extract from social media.
- 37% of Keeper’s survey respondents said they used their employer’s name as part of their work-related passwords
- 34% used their significant other’s name or birthday
- 31% used their child’s name or date of birth
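The habits in the list above can be screened for when a password is set. The following Python sketch is an added example, not Keeper's code or part of the report: it applies rule 1 (length, character mix, no dictionary words, no personal details) and undoes common character substitutions before matching. The function names, the substitution table, and all sample names, dates and words are assumptions constructed for illustration.

```python
import re
from datetime import date

# Undo common character substitutions before matching ("N0rthw1nd" -> "northwind").
LEET = str.maketrans("013457@$!", "oieastasi")

def date_tokens(d):
    """Digit strings a birthday commonly takes inside a password."""
    y, m, dd = f"{d.year:04d}", f"{d.month:02d}", f"{d.day:02d}"
    return {y, m + dd, dd + m, m + dd + y[2:], dd + m + y[2:], y + m + dd}

def screen_password(password, names=(), dates=(), dictionary=(), min_length=8):
    """Return the reasons a password breaks rule 1; an empty list means it passed."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)
            and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("needs letters, numbers and special characters")
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    # Personal details: employer, partner and child names (hypothetical inputs).
    for name in names:
        for part in re.findall(r"[a-z]+", name.lower()):
            if len(part) >= 3 and (part in lowered or part in normalized):
                problems.append(f"contains personal name: {part}")
    # Birthdays are matched on the digits only, so separators do not hide them.
    digits = re.sub(r"\D", "", password)
    if any(tok in digits for d in dates for tok in date_tokens(d)):
        problems.append("contains a personal date")
    for word in dictionary:
        if len(word) >= 4 and word.lower() in normalized:
            problems.append(f"contains dictionary word: {word}")
    return problems

if __name__ == "__main__":
    # Constructed sample data, not taken from the survey.
    names = ["Northwind Ltd", "Jessica"]
    dates = [date(1990, 4, 12)]
    words = ["password", "summer"]
    for pw in ["N0rthw1nd#24", "J3ss1ca0412!", "P@ssw0rd2021!", "v9$Lq2!rTz7#Xw"]:
        print(pw, "->", screen_password(pw, names, dates, words) or "ok")
```

A real deployment would load a full wordlist for `dictionary` rather than the two-word sample used here.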
2 – Use a unique password for each account
Some things should never be recycled, like passwords. When employees reuse passwords across multiple accounts, they dramatically increase the risk that their employer will be breached.
Unfortunately, 44% of Keeper’s survey respondents admit to reusing passwords on their personal and work accounts.
3 – Store all passwords securely, with full encryption
Using a strong, unique password for each account is just a starting point. Employees should also store their passwords securely. Keeper’s investigation showed that they don’t do this:
- 57% of respondents write their passwords on sticky notes and 62% write their passwords in a notebook or journal, which anyone else living in or visiting the home can access.
- 49% store their passwords in a document saved in the cloud, 51% use a document stored locally on their computer, and 55% save them on their phone. Since these documents are not encrypted, a cybercriminal who breaches the cloud drive, computer or mobile phone can open the employee’s password file.
4 – Never share work-related passwords with unauthorized people
Work passwords are confidential business information that employees should never share with anyone outside the organization, not even their spouse. Keeper’s survey found that 14% of remote workers shared work-related passwords with a spouse or loved one, and 11% shared them with other family members.
5 – Password sharing in the workplace is acceptable, but only if done securely, with full end-to-end encryption
Password sharing in the workplace can be done safely if employees use a secure method and share passwords only with authorized parties. However, Keeper’s survey found that 62% of respondents share passwords through unencrypted emails or text messages, which can be intercepted in transit.
Keeper helps organizations prevent password abuse in the workplace
Keeper’s enterprise-grade password security and encryption platform helps organizations prevent password errors – and password-related cyberattacks – by giving IT administrators complete visibility into employee password practices, as well as the ability to enforce company-wide password security policies.
- Integrates seamlessly into any IAM technology stack. Keeper integrates with Azure, AD, LDAP, and SSO, making it an essential part of any modern IAM strategy.
- Automatically generates strong and unique passwords. Keeper automatically generates strong, random, and unique passwords for each account and application.
- Securely stores passwords in an encrypted digital safe. Every employee gets an encrypted digital safe that they can access from any device, running any operating system.
- Gives IT administrators full control over employee password behavior. Using Keeper’s administration dashboard, security personnel can easily configure password security rules, such as length, complexity, and sharing capabilities.
- Allows secure password sharing. Sharing can only be done between authorized users, and Keeper’s zero-knowledge encryption methods ensure that only the user can access and decrypt their stored files. Records and files at rest and in transit are always encrypted.
- Offers your employees a benefit in kind at no additional cost. All users protected under a Keeper Business account get a Keeper Family free plan at no additional cost to your organization.
Password security is the foundation of cybersecurity, and it’s especially important in a remote working world. It is impossible to secure your organization without first securing the passwords of your employees.
Keeper deploys in minutes, is easy to use for all employees, and scales to the size of your organization. Sign up for a 14-day free trial of Keeper now, and start protecting your organization against password abuse.