Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security’s Workplace Password Malpractice Report sought to find out. In February 2021, Keeper surveyed 1,000 employees in the U.S. about their work-related password habits — and discovered that a lot of remote workers are letting password security go by the wayside.
Here are 5 critical password security rules they’re ignoring.
1. Always Use Strong Passwords
Strong passwords are at least eight characters long (preferably more) and consist of random strings of letters, numerals, and special characters. Passwords should never include dictionary words, which are easy to guess, or personal details, which cybercriminals can scrape off social media channels.
- 37% of respondents to Keeper’s survey said they’ve used their employer’s name as part of their work-related passwords
- 34% have used their significant other’s name or birthday
- 31% have used their child’s name or birthday
2. Use a Unique Password for Every Account
Some things should never be recycled — like passwords. When employees reuse passwords across accounts, they greatly increase the risk that their employer will be breached. Unfortunately, 44% of respondents to Keeper’s survey admit to reusing passwords across personal and work accounts.
3. Store All Passwords Securely, With Full Encryption
Using a strong, unique password for every account is only a starting point. Employees also need to store their passwords securely. Keeper’s survey demonstrated that they’re not doing that:
- 57% of respondents write down their passwords on sticky notes, and 62% write down their passwords in a notebook or journal, which anyone else living in or visiting the home can access.
- 49% store their passwords in a document saved in the cloud, 51% use a document stored locally on their computer, and 55% save them on their phone. Because these documents aren’t encrypted, if a cybercriminal breaches the cloud drive, computer, or mobile phone, they can open the employee’s password file.
4. Never Share Work-Related Passwords With Unauthorized Parties
Work passwords are confidential business information that employees should never share with anyone outside the organization, not even their spouses. Keeper’s survey revealed that 14% of remote workers have shared work-related passwords with a spouse or significant other, and 11% have shared them with other family members.
5. Password-Sharing Within the Workplace Is Okay, but Only If It’s Done Securely, With Full End-to-End Encryption
Shared passwords in the workplace can be done safely if employees share passwords using a secure method, and the passwords are shared only with authorized parties. However, Keeper’s survey discovered that 62% of respondents share passwords through unencrypted email or text messages, which can be intercepted in transit.
Keeper helps organizations prevent workplace password malpractice
Keeper’s enterprise-grade password security and encryption platforms help organizations prevent password malpractice — and password-related cyberattacks — by giving IT administrators complete visibility into employee password practices, as well as the ability to enforce password security rules company-wide.
- Seamlessly integrates into any IAM tech stack. Keeper integrates with Azure, AD, LDAP, and SSO, making it a critical part of any modern IAM strategy.
- Automatically generates strong, unique passwords. Keeper automatically generates strong, random, unique passwords for every account and app.
- Securely stores passwords in an encrypted digital vault. Each employee gets an encrypted digital vault that they can access from any device, running any operating system.
- Gives IT admins complete control over employee password behavior. Using the Keeper admin dashboard, security personnel can easily configure password security rules, such as length, complexity, and sharing capabilities.
- Enables secure password sharing. Sharing can only be done between authorized users, and Keeper’s zero-knowledge encryption methods ensure that only the user can access and decrypt their stored files. Records and files both at rest and in transit, are always encrypted.
- Provides your employees with a fringe benefit, at no additional cost. All protected users under a Keeper Business account get a free Keeper Family plan at no additional cost to your organization.
Password security is the foundation of cybersecurity, and it’s especially important in a remote work world. It’s impossible to secure your organization without first securing your employees’ passwords.
Keeper deploys within minutes, is simple for all employees to use, and scales to the size of your organization. Sign up for a 14-day free trial of Keeper now, and start protecting your organization from password malpractice.