Amid a growing debate about cyber hygiene practices and insider threats, the majority of corporate workers in the U.S. engaged in sloppy management of work-related passwords, according to a report released Tuesday by Keeper Security. Conducted by Pollfish, the research was based on a survey of 1,000 corporate workers.
The report shows 57% of U.S.-based corporate employees are writing passwords on sticky notes. Two-thirds of those surveyed lost the written down passwords in the past, raising questions about who actually took possession of them.
In addition, 62% of respondents said they have shared a work-related password over email or text message, which are vulnerable to cybertheft. About 46% of respondents said their company directed them to share passwords that are used by multiple people.
The report comes at a time of robust debate about password security practices and cyber hygiene in the U.S. technology sector, critical infrastructure entities and government agencies across the country.
SolarWinds, a central player in the nation-state attack against the U.S. last year, was blasted by lawmakers during February Congressional hearings amid reports that "solarwinds123" had been used as a password internally.
In addition, 60% of IT security leaders expect a sharp increase in insider threats, with more companies becoming vulnerable to inadvertent and purposeful data leaks, according to a report released in March by the Ponemon Institute on behalf of Code42.
The year-long move to remote work following the outbreak of COVID-19, appears to have accelerated already weak policies and practices of these entities, as about two-thirds of workers said they were more likely to write down passwords when they were operating from their home environments, according to the report.
"For some reason, when people move to a remote work setting, they're more lax about their password security, and they're more prone to violate or soften internal controls with respect to their employers," Darren Guccione, co-founder and CEO at Keeper Security, said in an interview.
Besides the storage of passwords, a significant percentage of workers are making poor decisions about their creation of new passwords. About 37% of respondents said they incorporated their company's name into a password and 44% are using the same password for work and personal accounts.