Five Major Credentials Security Rules Your Employees Might Ignoring

Credentials security was always a major concern even before the arrival of widespread remote work. So, what happened in the post-pandemic? Keeper Security’s Workplace Password Malpractice Report wanted to find out.

In February 2021, Keeper surveyed 1,000 employees in the U.S. about their work-related passwords habits – and found that most of the remote workers are letting credentials security go by the wayside.

 Below are the Critical Credentials Rules they are ignoring:

  1. Always use Strong Passwords

Strong passwords are at least eight characters long or more by preference and consist of random strings of letters, numerals, and special characters. Credentials should never consist of dictionary words, which are easy to predict, or personal information, which threat actors can extract off from social media channels.

  • 34% of used their significant other’s names or birthdays 
  • 31% have used their child’s, siblings names or birthdays
  • 37% of them used their employer’s name as part of their work-related credentials

2. Try to use a Unique Password for every account

Some things should never be reused – like credentials. When employees reuse similar passwords across the accounts, they greatly increase the risk that their employers will be hijacked.

Unfortunately, around 44% of reverts from the survey are reusing the credentials across personal and work accounts.

3. Preserve all the Credentials Securely, with Full Encryption

Using a unique, strong password for every account is only an initiating point. Employees also require preserving their credentials protected. According to the survey, it demonstrates that they are not paying attention to the below listed things:

  • 57% of reverts write down their passwords on some sticky notes, and apart from them, around 62% write down their passwords in a notebook or journals, which anyone else living in or visiting their place can easily access.
  • 49% preserve their credentials in a document saved in the cloud, 51% utilize a document preserved locally on their systems, and the rest save them on their phone. Because these documents are not encrypted, if a threat actor hijacks the cloud drive, computer, or mobile phone, they can launch the employee’s password file.

4. Never share Work-related credentials with unauthorized parties

Work credentials are confidential business data that employees should never share with anyone outside the organization, not even their spouses. The survey revealed that 25% of remote workers have shared work-related credentials with their loved ones.

5. End-to-End Encryption

Share credentials at your workplace can be done safely if employees share their credentials using a secure method, and the passwords are transmitted only with authenticating parties. However, from a survey, we founded that 62% of reverts share their credentials through encrypted email or text messages, which can be intercepted in transit.

Keeper helps Organizations Avoid Workplace Passwords Malpractice

Keeper’s enterprise-grade password security and encryption platform help organizations prevent credentials malpractice – and password-related Cyberattack – by giving IT administrators complete visibility into employee password practices, as well as the ability to enforce password security rule company-wide:

  • Seriously Integrates into Any IAM Tech Stack
  • Automatically Generates Strong, Unique Passwords
  • Securely Preserves Credentials in an Encrypted Digital Vault
  • Gives IT admin Complete Control Over Employee Password Behavior
  • Enable Secure Password Sharing 
  • Provides your Employees with Fringe Advantages, at no Advanced Cost

Credentials Security is the foundation of cybersecurity, and it’s especially essential in a remote work world. It’s impossible to protect your organizations without the first security of the employee’s passwords.

Keeper set up within minutes is simple for all employees to use, and scales to the size of the organization. Sign up for a 14-day free trial of keeper now, and initiate securing your organizations from credentials malpractice.

Leave a Reply