Quarter of Staff Duplicate Passwords, Survey Finds

On World Password Day, a new survey has exposed some of the bad authentication habits that an organisation’s staff may have.

The independent survey of 3,000 people from international law firm Womble Bond Dickinson (WBD) revealed that many employees are practising poor password hygiene between the home and the workplace, with 25 percent of people admitting to using the same password across their devices.

It comes on World Password Day, designed to create awareness about the importance of strong passwords, and why everyone should change their passwords once every few weeks. It goes without saying that weak or compromised passwords can put people’s digital identities and personal information at risk.

Password reuse

The finding from the Womble Bond Dickinson survey that 25 percent of respondents duplicate passwords for both work and personal use does raise an interesting question.

Are those 25 percent just the ones who actually admit reusing their passwords?

This is a pertinent question to bear in mind, as the gateways to people’s digital identities come increasingly under attack.

The Womble Bond Dickinson survey also found that the least safety-conscious were Gen Z digital natives (18-24-year-olds), with almost 40 percent using the same passwords for both work and personal use.

At the other end of the scale, the boomer generation (55-64-year-olds) appear to be more cautious, with 89 percent claiming to never duplicate passwords.

“In today’s rapidly digitising world, strong password practices are more critical than ever, providing a vital barrier to cybercriminals – particularly in the corporate world,” noted Andrew Parsons, UK partner and cyber security expert at WBD.

“The damage which poor password practices can have for both businesses and individuals cannot be underestimated, and we are increasingly seeing a rise of attacks and breaches due to people innocently using the same security passwords both in and outside of work,” said Parsons.

“What our survey demonstrates is that more needs to be done to train employees on good password habits and that this needs to happen more frequently,” Parsons added. “This is likely why we see greater security awareness amongst the boomer generation, as they are likely to have had more time in the workplace and opportunities for training. Those recently out of education haven’t necessarily had the exposure or guidance a work environment might otherwise provide on cybersecurity matters.”

“In today’s culture of working from home, particularly amongst younger age groups, there has never been a more critical time for companies and individuals to be fully clued up when it comes to password security,” Parsons said. “Knowledge is most definitely power when it comes to equipping people with the tools to deter a cyber-criminal.”

Human error

Womble Bond Dickinson cited the March 2021 cyberattack that Chinese hacking group Hafnium carried out against tech giant Microsoft.

That attack impacted local government agencies and various businesses, and came about because Hafnium gained access in two ways: an undisclosed Exchange vulnerability and stolen passwords.

“Human error is a password hacker’s dream and, likewise, human behaviour plays a vital role in ensuring organisations and people are protected,” said Parsons.

“In an ever-increasingly digital world, businesses must follow specific guidance if they want to combat cyber threats,” Parsons added. “In addition to always keeping work and personal passwords separate, there are numerous steps organisations can take to protect their workforce and wider business.”

“These include creating long and unique passwords for all accounts, never sharing passwords (in particular, via text or email), prompting staff to regularly change their passwords and turning on two-factor authentication for all important accounts.”

“Ensuring everyone in your organisation has had regular training, as well as possessing a level of consciousness about their own password and overall digital security is key,” Parsons said.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
