Nearly 50% of passwords are stored in shared office documents

Password Managers
(Image credit: Snappa)

Nearly 50% of IT, security, and cybersecurity companies are still storing passwords in spreadsheets and shared office documents, leaving organizations and employees at risk of security breaches.

According to a survey conducted by Pulse on behalf of cybersecurity company Hitachi ID, 46% of company directors and vice presidents state that company passwords are stored in shared documents, even though 93% of respondents provide password management training and 63% hold training more than once per year.

Having a shared document with passwords could easily lead to cybersecurity breaches, allowing threat actors to get access to a significant number of employee accounts. In fact, as the survey points out, 29% of respondents say they’ve experienced an incident in the past year where they lost access to product systems after an employee left the organization. 

The study asked 100 anonymous IT, security, and cybersecurity leaders, with 80% coming from North America and 20% from the EMEA region. It also showed other methods companies use to store passwords, which included 30% using company-provided password managers, 15% using personal password managers, and 8% using physical notes such as a notebook or sticky notes. 

(Image credit: Hitachi ID)

“It raises an important question about how effective password management training is when nearly half the organizations are still storing passwords in spreadsheets and other documents, and 8% write them on sticky notes,” said Nick Brown, CEO at Hitachi ID.

He continues: “Insecure passwords are still a leading cause of cyberattacks, and education alone is clearly not enough. More companies need to follow the lead of the 30% who report that they store passwords in a company-provided password manager.” The study also showed that if an employee leaving the company could take passwords with them, with only 5% say they were extremely confident that wasn’t possible.

It's always a good idea to keep your credentials secure, and the best password managers will do that. However, Google's passwordless future means companies may not have to keep passwords in open documents anymore. Speaking of shared information, here's what your ISP knows about you and what you can do about it.

Darragh Murphy
Editor

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.