With more employees working remotely, many businesses are having to shift their security strategy accordingly. That means accounting for more personal devices, home WiFi networks, and the digital sharing of more information than ever. The challenges don’t stop there. When it comes to protecting businesses, it may be surprising to know that the bad password habits practiced by employees at home can affect the workplace, too.
As our new Psychology of Passwords study reveals, fear of forgetting passwords leads many people to use weak passwords. Those unsafe security habits at home then affect how employees think about passwords in the workplace, too. Every single password-protected account in a business is a potential entryway for would-be hackers to steal valuable information and money. That’s why it’s essential for IT admins to understand the motivation behind employee password behavior, so they can start to change it for the better and reduce the potential for a data breach. And it’s also important for end users to understand their behavior so they can see how it can put their employer at risk.
Protecting work accounts isn’t a priority for users
In a survey of 3,250 respondents from around the world, we found that 66% of respondents always or mostly use the same password for their accounts. And that’s even though most people – 91%! – say they know that using the same password is a security risk. When people do create strong passwords, it’s not often for their work accounts, unfortunately.
When asked which accounts they create stronger passwords for: 69% said financial, 47% said email, 31% said medical records, and less than a third (29%) said work accounts.
Clearly, people are more worried about protecting their own money and personal information. That’s not to say they want to put their employer at risk, but password security at work just isn’t top of mind for most.
Work accounts don’t always get MFA protection
Though weak, guessable passwords are a security hazard, multifactor authentication (MFA) can counteract some of those risks. MFA requires information beyond a password, like a fingerprint or temporary code, before access is granted to an account. Encouragingly, many of our survey respondents were aware of and regularly use MFA for added protection of online accounts.
54% of respondents said they use MFA for their personal accounts, but only 34% use it for work related accounts. Of the personal accounts for which they have multifactor authentication enabled, the top two responses were financial accounts (62%) and email (45%).
Again, it seems that protecting their money and personal information comes first, but the high usage of MFA on personal devices suggests that businesses could require more employees to use MFA.
Fixing personal and work passwords with a password manager
This year’s Psychology of Passwords study has a few key takeaways for business admins looking to improve the security of their organization.
First, employees are still using weak passwords, at home and at work, despite understanding the risks. People are so afraid of forgetting their passwords and dealing with the inconvenience of resets, that they default to easy, guessable passwords that are reused across accounts.
Second, if they are going to use a strong password and protect their accounts with MFA, employees are more likely to do it for their financial and email accounts than for their work accounts. They likely don’t mean harm to their employer, but it’s just not top of mind for them.
In summary, to make strong passwords the default in the workplace, you need to make it easy for employees to create and use them. That means deploying a business password solution that creates, remembers, and fills passwords for the employee. Without the need to think up their own passwords or recall them when logging in, employees no longer have to worry about forgetting and resetting them. A built-in password generator ensures every password is unique and random, making it easy to have a different strong password for every work account.
 Survey conducted by Lab42 with respondents from Australia, Brazil, Germany, UK, US, Singapore