A recent study by KnowBe4 Research found that only 24% of employees save their passwords. This suggests that many employees reuse their passwords.
“Using the same, simple password at multiple locations makes you easier prey for hackers”, warned Kai Roer, Managing Director, KnowBe4 Research.
KnowBe4 Research evaluates organisations’ security culture and has analysed the responses of over 160,000 people surveyed worldwide. These figures show that three out of four people do not write their passwords down. At the same time, other surveys show that just under 25% use a software program to keep their passwords, while half of us try to remember them.
“Most of us use a whole host of online services and systems requiring passwords, both at work and at home. By using the same password at multiple locations or a short password that is easy to remember, you are making it easier for hackers to access your accounts,” explained Roer.
KnowBe4 Research’s data shows that more than four out of five people in the banking, consulting and technology sectors do not write down or store their passwords.
For Roer, it is alarming and a little surprising that banking, consulting and technology companies have the highest proportion of employees who do not write down their passwords. “With access to so much sensitive information, the password routines in such companies should be better,” he said.
Conflicting advice
Advice about password routines has not been particularly consistent over the years, while the number of sites and systems requiring a login password has multiplied exponentially.
For years, companies would tell employees not to write down their passwords. Then, they were asked to create complex and unique passwords. Complex passwords are difficult to remember, and many employees would resort to reusing passwords. “This is human nature. Fortunately, there are solutions,” said Roer.
The most important step is to save your passwords somewhere no one else has access to, such as on a mobile phone or in a good, old-fashioned notebook. So-called ‘password managers’, software that remembers your passwords for you, are a safe and recommended solution. Apple’s keyring is a good example. At work, IT departments should have recommendations for the type of ‘password manager’ you should be using.
“If you haven’t yet made a New Year’s resolution, I have a suggestion. Do a thorough clean-up of your passwords. This is a simple, but extremely important resolution that is easy to keep. If you are unsure whether it’s worth your time, visit the website ‘Have I Been Pwned’. There you will find almost 10.5 billion stolen usernames and passwords,” he added.