Individuals and Employers Aren’t Following Password Best Practices

Twenty percent of employers never require employees to change their passwords, a survey finds.

A survey in which 2,500 Americans were asked about their password behaviors and tendencies found a fifth of employers don’t regularly require their employees to change their work program passwords.

In addition, the survey by cybersecurity firm PC Matic revealed that nearly one-quarter of respondents use the same passwords for their home and personal accounts. In another example of mixing home with work, more than half of respondents admitted to checking their personal email on work devices, which increases the likelihood of a malicious infection reaching a company’s networks.

Bad password practices exist in both personal and work use. Of those who responded that they have at least one email account, just shy of 30% are not sure when they last changed their password or never have at all.

More than 40% of respondents indicated that they rely on memory for their passwords and don’t use a password manager or write them down somewhere. PC Matic suggests this could be the reason such a significant percentage of respondents haven’t changed their passwords or don’t know when they last did. In addition, the firm speculates that this finding indicates individuals are likely using the same password for multiple accounts and that their passwords most likely do not meet password complexity standards.

PC Matic’s survey results in 2020 revealed that as individuals age, they are more likely to write their passwords down. Respondents in 2021 confirmed that as well, with 47.11% of Baby Boomers preferring to write their passwords down compared with 16.63% of Millennials.

Nearly 30% of respondents are using a password manager to safeguard their password information. Millennials, however, lead the respondent groups both in relying on memory for their passwords and in the use of password managers. Nearly 50% of Millennial respondents indicated that they rely on memory for their passwords, and just over 35% stated that they use a password manager.

Regarding personal Wi-Fi networks, the survey found nearly 60% of users haven’t changed their Wi-Fi passwords since their networks were set up or don’t know how to do so.

PC Matic suggests that passwords should be a combination of uppercase and lowercase letters, numbers and special characters. Users should never reuse passwords on multiple accounts; instead, they should create unique passwords and store them in a safe place for later reference.

For corporate passwords, the firm recommends that businesses issue passwords to their employees. The survey found only 16% of employers issue their employees a password. The overwhelming majority (80%) allow their employees to choose their own passwords, and just 4% of employees have their passwords set by a password generator.

The PC Matic survey report includes top tips for individual users, as well as employers.