Five Critical Password Security Rules Your Employees Usually Ignore

According to Keeper Security’s Workplace Password Malpractice report, many remote workers do not follow password security best practices.


Remote working has become widespread since the pandemic, but password security was already an issue before it. What changed after the pandemic? Keeper Security’s report sought to find out.

In February 2021, Keeper surveyed 1,000 employees in the United States about their work-related password habits. The report found that many remote workers failed to maintain strong passwords, weakening their security.

Here are 5 critical password security rules employees ignored.

1 – Strong passwords

By common security criteria, strong passwords should be at least eight characters long and include random strings of letters, numbers, and special characters. Never use passwords that contain dictionary words, which are easy to guess, or personal details that cybercriminals can easily infer from social media.

37% of Keeper’s survey respondents said they used their employer’s name as part of their work-related passwords

34% used their significant other’s name or birthday

31% used their child’s name or date of birth
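The criteria above, together with the habits the survey found, can be enforced when a password is set. The following Python check is an added example, not code from Keeper's report or product; the function names, word list, substitution table and sample terms are assumptions made for illustration, and it goes slightly beyond the text by also catching simple character substitutions such as 3 for e.

```python
import re

# Constructed sample data (assumptions, not taken from the Keeper report).
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "letmein"}
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Lowercase and undo common character substitutions (e.g. 3 -> e)."""
    return text.lower().translate(LEET)


def check_password(password, personal_terms, birthdays=(), words=COMMON_WORDS):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)
            and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("missing letters, numbers, or special characters")

    # Compare on letters only so "Acm3-C0rp" still matches "Acme Corp".
    letters_only = re.sub(r"[^a-z]", "", normalize(password))
    for term in personal_terms:  # employer, partner, child names
        key = re.sub(r"[^a-z]", "", normalize(term))
        if len(key) >= 3 and key in letters_only:
            problems.append(f"contains personal or employer term: {term}")
    for word in words:
        if word in letters_only:
            problems.append(f"contains dictionary word: {word}")

    # Birthdays are given as YYYY-MM-DD and matched in common written orders.
    digits = re.sub(r"\D", "", password)
    for bday in birthdays:
        y, m, d = bday.split("-")
        forms = (y + m + d, m + d + y, d + m + y, m + d + y[2:], d + m + y[2:])
        if any(form in digits for form in forms):
            problems.append(f"contains birthday: {bday}")
    return problems
```

In practice the word list would be a full dictionary or breached-password list, and the personal terms would come from the HR or directory record of the user setting the password.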

2 – Unique password for each account

It is advisable to use a unique password for every platform or account one logs in to. Reports have found that employees who use the same passwords across multiple accounts are at increased risk of a security breach.

44% of respondents to Keeper’s survey confessed to reusing passwords on their personal and work accounts.

3 – Store all passwords securely, with full encryption

After choosing a strong password, employees should also store their passwords securely. Keeper’s investigation stated the following:

57% of respondents write their passwords on sticky notes and 62% write their passwords in a notebook or journal, which anyone else living in or visiting the home can access.

49% store their passwords in a document saved in the cloud, 51% use a document stored locally on their computer, and 55% save them on their phone. Since these documents are not encrypted, a cybercriminal who breaches the cloud drive, computer or mobile phone can open the employee’s password file.

4 – Never share work-related passwords with unauthorized people

Work passwords are confidential business information, and employees should never share them with any outsider. Keeper’s survey found that 14% of remote workers shared work-related passwords with a spouse or loved one, and 11% shared them with other family members.

5 – Password sharing in the workplace is acceptable, but only if done securely, with full end-to-end encryption

If passwords must be shared in the workplace, this should be done through a secure method, and only with authorized parties. However, Keeper’s survey found that 62% of respondents share passwords through unencrypted emails or text messages, which can be intercepted in transit.

Keeper helps organizations prevent password abuse, password errors, and password-related cyber-attacks by giving IT administrators complete visibility into employee password practices, as well as the ability to enforce company-wide password security policies.

Password security forms the foundation of cybersecurity, and its importance cannot be ignored in a remote working world. It is impossible to secure your organization without securing the passwords of your employees. Both are equally important.
