One in five Australian workers use the same password for all of their work and personal services while half use the same passwords at work as they do at home, a recent survey of password and device security habits has found.
The Workplace Security-Australia survey of 1003 workers, conducted by Galaxy Research for security vendor LogRhythm, found that 24 percent use their own smartphone for work purposes and just 17 percent use a work-provided smartphone.
Fully 91 percent use their own work PC or laptop to access work emails and 84 percent use their device to access work documents. Some 54 percent use the devices to access private emails, and 52 percent were using them for their private online banking.
Despite the extensive blurring between work and personal device usage, password control was found to be quite lax and employees were broadly being trusted with the security of the passwords they use to access those devices and work-related applications.
While 34 percent of surveyed workers use several different passwords, 19 percent said they use one password for everything and 21 percent use variations of the same password.
Just 9 percent of passwords were automatically generated by company security systems, although this increased to 13 percent in companies with more than 1000 employees. And only 6 percent said they were using a secure password manager application to store their passwords.
The results showed an age difference, with younger workers more likely to use the same password for work and personal usage.
Some 30 percent of Gen-Y workers admitted to frequently or always using the same password for work and personal accounts, compared with just 8 percent of Baby Boomers. Some 29 percent of Gen-Y workers said they never use the same password for work and personal accounts – compared with 67 percent of Baby Boomers.
The results highlight a weak point in corporate security that is all too often being exploited by malicious outsiders, who LogRhythm ANZ sales director Simon Howe noted “are being harvested on the black market to fuel cyber attacks.”
“Businesses need to more actively monitor employee access to devices, applications and systems,” he said in a statement, “and to set policies that encourage them to keep security front of mind.”
Vulnerabilities from poor password security have been flagged for years and compounded by password sharing and the spread of devices and apps. However, with recent large breaches they have become so problematic that some security experts are recommending that companies move away from username-password security altogether.