3 min read

Employees Share an Average of 8 Passwords between Personal and Work Accounts, Survey Shows

Silviu Stahie

May 08, 2020

Employees Share an Average of 8 Passwords between Personal and Work Accounts, Survey Shows

A new survey reveals a worrying habit of people reusing old passwords in enterprise environments, not to mention employees sharing the same password between private and work accounts. 

Compromised credentials are responsible for 80% of hacking-related breaches, and one reason is that people continue to use compromised, weak or old passwords. While some organizations take drastic measures and don’t let employees use the same password twice or oblige them to choose a robust password, it’s almost impossible to prevent password sharing. 

Keeping track of multiple passwords is not easy, but it’s essential. Using a password manager is the ideal scenario, but not many employees invest the time and effort. They often rely on the wrong solutions, such as sharing the same passwords on numerous accounts, or worse, combining work and personal credentials. 

A Balbix survey sampling data from more than 10,000 users across all major industries came back with a lot of interesting and worrying data. The most significant issue seems to be that more than 99% of all users reuse passwords, either across work accounts or between work and personal accounts. 

Also, the same password is shared on an average of 2.7 accounts, with the average user having 8 passwords shared between work and personal accounts. 

Even if people don’t reuse passwords, they often choose to alter it slightly. In fact, 68% of users prefer this method for new passwords, while 32% substitute the letter with symbols or numbers. Only 28% take the time to generate random numbers or words, and 17% use a sentence. Surprisingly, 6% of users choose to roll dice with words on them to find a new password. 

Compromised credentials are used in various types of attacks, such as password spraying, which involves trying the most common passwords to gain access to accounts. 

Another type of attack is called credential stuffing, which means that bad actors will use leaked credentials until they find something that works. 

Besides using unique and strong passwords, users have to adopt a multi-factor authentication (MFA) method. Unfortunately, only 11% of all enterprise accounts use this level of added security.

tags


Author


Silviu Stahie

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.

View all posts

You might also like

Bookmarks


loader