A new survey reveals a worrying habit of people reusing old passwords in enterprise environments, not to mention employees sharing the same password between private and work accounts.
Compromised credentials are responsible for 80% of hacking-related breaches, and one reason is that people continue to use compromised, weak or old passwords. While some organizations take drastic measures, such as not letting employees use the same password twice or obliging them to choose a robust password, it’s almost impossible to prevent password sharing.
Keeping track of multiple passwords is not easy, but it’s essential. Using a password manager is the ideal scenario, but not many employees invest the time and effort. They often fall back on the wrong solutions, such as reusing the same password on numerous accounts or, worse, mixing work and personal credentials.
A Balbix survey sampling data from more than 10,000 users across all major industries came back with a lot of interesting and worrying data. The most significant issue seems to be that more than 99% of all users reuse passwords, either across work accounts or between work and personal accounts.
Also, the same password is shared across an average of 2.7 accounts, and the average user has 8 passwords shared between work and personal accounts.
Even when people don’t reuse a password outright, they often alter it only slightly. In fact, 68% of users prefer this method for new passwords, while 32% substitute letters with symbols or numbers. Only 28% take the time to generate random numbers or words, and 17% use a sentence. Surprisingly, 6% of users roll dice with words on them to find a new password.
Compromised credentials are used in various types of attacks, such as password spraying, which involves trying the most common passwords against many accounts to gain access.
Another type of attack is called credential stuffing, in which bad actors try username and password pairs from earlier leaks until one works.
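Both attacks leave a recognizable trace in authentication logs: one source touching many distinct accounts with only a try or two each, as opposed to a classic brute force that hammers a single account. The triage script below is an added example written for this article, not part of the survey or any product; it runs over constructed, syslog-like sample lines and the thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample auth log (syslog-like; not any real product's format).
SAMPLE_LOG = """\
2024-05-01T09:00:01Z auth result=FAIL user=alice src=203.0.113.7
2024-05-01T09:00:02Z auth result=FAIL user=bob src=203.0.113.7
2024-05-01T09:00:03Z auth result=FAIL user=carol src=203.0.113.7
2024-05-01T09:00:04Z auth result=FAIL user=dave src=203.0.113.7
2024-05-01T09:00:05Z auth result=OK user=erin src=203.0.113.7
2024-05-01T09:00:06Z auth result=FAIL user=frank src=203.0.113.7
2024-05-01T09:01:00Z auth result=FAIL user=admin src=198.51.100.9
2024-05-01T09:01:01Z auth result=FAIL user=admin src=198.51.100.9
2024-05-01T09:01:02Z auth result=FAIL user=admin src=198.51.100.9
2024-05-01T09:01:03Z auth result=FAIL user=admin src=198.51.100.9
2024-05-01T09:02:00Z auth result=FAIL user=alice src=192.0.2.5
2024-05-01T09:02:05Z auth result=OK user=alice src=192.0.2.5
"""
LINE_RE = re.compile(r"result=(OK|FAIL) user=(\S+) src=(\S+)")

def parse_events(log_text):
    """Yield (src_ip, username, succeeded) for each parseable line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m[3], m[2], m[1] == "OK"

def triage(events, min_accounts=5, min_attempts=4):
    """Per-source heuristic: many accounts with ~1 try each looks like spraying or
    stuffing; one account hit repeatedly looks like brute force. Thresholds are assumed."""
    per_src = defaultdict(lambda: {"attempts": 0, "users": set(), "ok": set()})
    for src, user, ok in events:
        s = per_src[src]
        s["attempts"] += 1
        s["users"].add(user)
        if ok:
            s["ok"].add(user)
    findings = {}
    for src, s in per_src.items():
        n = len(s["users"])
        if n >= min_accounts and s["attempts"] / n <= 2:
            pattern = "spraying/stuffing"
        elif n == 1 and s["attempts"] >= min_attempts and not s["ok"]:
            pattern = "single-account brute force"
        else:
            continue  # ordinary activity, e.g. one typo followed by a success
        # A success from a flagged source is a likely account takeover to act on.
        findings[src] = {"pattern": pattern, "accounts": n,
                         "takeover_candidates": sorted(s["ok"])}
    return findings
```

A source flagged with a non-empty takeover list is where a defender starts: force a reset and MFA enrolment on those accounts before anything else.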
Besides using unique, strong passwords, users should adopt multi-factor authentication (MFA). Unfortunately, only 11% of all enterprise accounts use this added layer of security.