Many (45 per cent) of workers say they could access a former employer’s systems through old, unchanged passwords, according to a survey by password management outfit Dashlane.
Around a third (30 per cert) of workers said that their employer never changes passwords, or only do so when there is an issue, and this goes some way to explaining why old login credentials still work months after they should have been revoked, said Dashlane.
A survey of 3,000 workers in three markets (UK, US, France) regarding the use of passwords in the workplace also found that more than 25 per cent of younger workers admit they regularly store passwords on scrap paper or Post-it notes.
Other common methods of sharing passwords were via email, text message and using unprotected shared spreadsheets.
The majority (60 per cent) of younger workers (16-34) admit to sharing passwords in the workplace, a fair bit higher than their middle-aged colleagues (40 per cent; a figure that’s still nothing to brag about).
“Our report reveals a lackadaisical approach to the management of company confidential data, which is being driven by the influx of 'millennials' entering the workplace,” said Guillaume Desnoës, head of European markets at Dashlane.
"Having grown up with the sharing culture of social media, this age group has become slightly casual when it comes to their security and this has the potential to have an impact in the business world," he added.
Almost half of ex employees can access accounts or subscription-based services that belong to previous employers, putting firms at risk from unauthorised use of key services. Weak password security policies are therefore leaving firms vulnerable to social media hijacking, or other unauthorised use of systems.
Security experts are split on whether writing down passwords on Post-it notes is a good idea or not. The alternative in practice might be the use of easy-to-remember passwords, which are easier to attack through brute-force attacks by hackers.
More than 70 per cent of workers quizzed as part of the survey said they don’t have or don’t know their employer's policy on sharing passwords.
Dashlane’s report, entitled Digital Indifference in the Workplace (PDF via Dropbox), explains the results of the poll in greater depth. ®