Reusing passwords in the workplace is one of the fastest ways to get your accounts compromised, but despite repeated warnings, the vast majority of employees still do it.
A Bitwarden report of 800 IT decision makers from the UK and US found that 90% reuse passwords in the workplace.
While the survey shows that many (84%) use password managers (opens in new tab)there are still plenty of people who manage their passwords using super risky methods: more than half (54%) manage passwords with documents on their computers, while 45% are just trying to remember them.
MFA on the rise
When it comes to password sharing, the security measures are no better: 38% use shared online documents, while 41% would simply share the passwords via email.
If a threat actor gains access to someone’s inbox or cloud hosting services, they can get their hands on important credentials, further exacerbating the problem. On the other hand, the good news is that almost everyone (92%) uses multi-factor authentication (MFA), up from 88% a year ago.
Despite being repeatedly declared dead in the past, passwords are still one of the most popular authentication methods both in the office and at home. People often use simple and easy-to-guess passwords (for example, “password” or “12345678”), use the same passwords for multiple services, share them with their friends and family, or leave them lying around on scraps of paper at their desks.
It is inconvenient to have strong passwords that are frequently changed. That’s why companies are turning to password managers or passwordless solutions. Biometric authentication (fingerprint scanners, facial recognition software, and the like) and passwords are becoming increasingly popular.
In fact, Bitwarden’s report claims that about half of respondents use passwordless technology or have plans to deploy. Of that number, two-thirds (66%) have 1-2 user groups or multiple teams using passwordless technology, and 13% have already implemented them across their organization.
“Our research shows that companies are looking beyond passwords and want new technologies that reflect passwordless workflows, which should come as no surprise,” said Bitwarden CEO Michael Crandell.
“While strong and unique passwords are very effective at protecting data, weak or reused passwords that are not managed by an end-to-end encrypted password manager pose serious vulnerabilities. The Bitwarden approach takes this evolution into account, but also reflects that adoption timelines vary by company, technology and end-user preference and that security remains the number one goal for individuals and enterprises alike.”