Quarter of Staff Duplicate Passwords, Survey Finds

World Password Day. Survey from law firm Womble Bond Dickinson finds 25 percent of staff duplicate their passwords

On world password day, a new survey has exposed some of the bad authentication habits that an organisation’s staff may have.

The independent survey of 3,000 people from international law firm, Womble Bond Dickinson (WBD) revealed that many employees are practising poor password hygiene between the home and the workplace, with 25 percent of people admitting to using the same password across their devices.

It comes on World Password Day, designed to create awareness about the importance of strong passwords, and why everyone should change their passwords once every few weeks. It goes without saying that weak or compromised passwords can put people’s digital identities and personal information at risk.

Password reuse

The finding from the Womble Bond Dickinson survey that 25 percent of respondents duplicate passwords for both work and personal use, does raise an interesting question.

Are those 25 percent just the ones who actually admit reusing their passwords?

This is a pertinent question bearing in mind as the gateways to people’s digital identities come increasingly under attack.

The Womble Bond Dickinson survey also found that the least safety conscious were Gen Z digital natives (18-24-year-olds) with almost 40 percent using the same passwords for both work and personal use.

At the other end of the scale, the boomer generation (55-64-year-olds) appear to be more cautious, with 89 percent claiming to never duplicate passwords.

“In today’s rapidly digitising world, strong password practices are more critical than ever, providing a vital barrier to cybercriminals – particularly in the corporate world,” noted Andrew Parsons, UK partner and cyber security expert at WBD.

“The damage which poor password practices can have for both businesses and individuals cannot be underestimated, and we are increasingly seeing a rise of attacks and breaches due to people innocently using the same security passwords both in and outside of work,” said Parsons.

“What our survey demonstrates is that more needs to be done to train employees on good password habits and that this needs to happen more frequently,” Parsons added. “This is likely why we see greater security awareness amongst the boomer generation, as they are likely to have had had more time in the workplace and opportunities for training. Those recently out of education haven’t necessarily had the exposure or guidance a work environment might otherwise provide on cybersecurity matters.”

“In today’s culture of working from home, particularly amongst younger age groups, there has never been a more critical time for companies and individuals to be fully clued up when it comes to password security,” Parsons said. “Knowledge is most definitely power when it comes to equipping people with the tools to deter a cyber-criminal.”

Human error

Womble Bond Dickinson cited the March 2021 cyberattack that Chinese hacking group Hafnium carried out against tech giant Microsoft.

That attack impacted local government agencies and various businesses, and was because Hafnium gained access in two ways, an undisclosed Exchange vulnerability and stolen passwords.

“Human error is a password hacker’s dream and, likewise, human behaviour plays a vital role in ensuring organisations and people are protected,” said Parsons.

“In an ever-increasingly digital world, businesses must follow specific guidance if they want to combat cyber threats,” Parsons added. “In addition to always keeping work and personal passwords separate, there are numerous steps organisations can take to protect their workforce and wider business.”

“These include creating long and unique passwords for all accounts, never sharing passwords (in particular, via text or email), prompting staff to regularly change their passwords and turning on two-factor authentication for all important accounts.”

“Ensuring everyone in your organisation has had regular training, as well as possessing a level of consciousness about their own password and overall digital security is key,” Parsons said.