Nearly 50% of IT, security, and cybersecurity companies are still storing passwords in spreadsheets and shared office documents, leaving organizations and employees at risk of security breaches.
According to a survey conducted by Pulse on behalf of cybersecurity company Hitachi ID, 46% of company directors and vice presidents state that company passwords are stored in shared documents, even though 93% of respondents provide password management training and 63% hold training more than once per year.
Having a shared document with passwords could easily lead to cybersecurity breaches, allowing threat actors to get access to a significant number of employee accounts. In fact, as the survey points out, 29% of respondents say they’ve experienced an incident in the past year where they lost access to product systems after an employee left the organization.
The study asked 100 anonymous IT, security, and cybersecurity leaders, with 80% coming from North America and 20% from the EMEA region. It also showed other methods companies use to store passwords, which included 30% using company-provided password managers, 15% using personal password managers, and 8% using physical notes such as a notebook or sticky notes.
“It raises an important question about how effective password management training is when nearly half the organizations are still storing passwords in spreadsheets and other documents, and 8% write them on sticky notes,” said Nick Brown, CEO at Hitachi ID.
He continues: “Insecure passwords are still a leading cause of cyberattacks, and education alone is clearly not enough. More companies need to follow the lead of the 30% who report that they store passwords in a company-provided password manager.” The study also showed that if an employee leaving the company could take passwords with them, with only 5% say they were extremely confident that wasn’t possible.
It’s always a good idea to keep your credentials secure, and the best password managers will do that. However, Google’s passwordless future means companies may not have to keep passwords in open documents anymore. Speaking of shared information, here’s what your ISP knows about you and what you can do about it.