Why it's a Terrible Idea to Use Your Personal Passwords at Work
We live in a world thirsty for instant gratification. Rapid access. Lightning-fast searches. We crave seamless surfing. Unfortunately, thousands of Americans only discover the value of stellar security after their accounts get hacked.
Until then, they'll continue using shortcuts and repeats. But a mountain of regret can bury anyone who rushes through security steps to log into accounts—whether at work or home.
Security measures, by their nature, slow down the process. First, you must enter each password. You've probably heard all the advice on using unique ones. Longer and stronger ones. And to avoid any word that appears in a dictionary. If you're following all these tips, you can stop reading now. For most of us, however, the codes we choose are easy to remember, like the name of an old boyfriend or the family dog, so read on.
Poor password practices could put you or your employer at serious risk. Research shows that employees don't generally view themselves as a weak security factor at work, but they should. Human error is well-documented as a top cause of data breaches. Therefore, employees introduce high risk to any business data system they access, which keeps corporate IT managers awake at night.
Some Harsh Facts
Have you ever wondered whether workers use better password practices when they're logging into a work system? Or is their private account access more robust? It's a fair question and one that prompted this article. But unfortunately, it comes with a surprising answer. For roughly half of all employees interviewed on this topic, the answer was neither, because these employees use identical passwords for business and personal accounts.
And there's more in terms of questionable access. For example, in a recent British review, over 50% of employees surveyed admitted using one password for all their work accounts. Even worse, one in five of those surveyed—even owners of surveyed businesses—say they still write down their passwords.
A sticky on the side of your computer monitor is familiar but ill-advised. Anyone—a co-worker, a visitor or even a TV viewer—could copy that data and use it to access your files.
In January 2018, the world watched as Hawaiians braced for disaster after an alert was broadcast regarding incoming missiles. The warning was erroneous, but folks worldwide learned the password of one Hawaii Emergency Management Agency employee on the news. The Associated Press published a photo of the agency's headquarters in one story. Millions of TV viewers learned that worker's password because that individual scribbled it on a prominent sticky note displayed on the monitor.
Today's work-from-home realities make it difficult to measure the current risks, but many security professionals fear the relaxed at-home approach has exacerbated poor security. So here's another query: should workers prioritize safety at their workplace more than they do for personal accounts?
Friction at Work
Password reuse is a critical error, but most people simply cannot recall hundreds of passcodes from memory. Thus, password repeats provide an easy fallback, even for individuals who understand it's the wrong choice.
Imagine this situation: You work for a local energy provider and are an avid computer user outside of work. You use the same username and password for both your work and personal logins.
If your personal credentials leak via a warehouse store breach or a loss at the neighborhood gas station, that thief suddenly possesses the password that will open your work accounts. Yikes!
A simple online search probably reveals your employer's name. From there, it's a short hop into your workplace data systems and all sorts of sensitive information stored inside.
The result might be a ransomware attack at work or credential stuffing attacks that try to breach every online account you've created. Or both.
The problem of password practices boils down to friction at login and how much users will tolerate. It's true that entering all your login details every time you access a system is a pain. Still, that discomfort is negligible when compared to triggering significant data theft at your place of work, which could cost your business millions of dollars to clean up.
No one talks much about the employee who makes a mistake that results in employer compromise. The lucky ones get off with a strong warning about security. Others face disciplinary actions or termination after a significant breach. A sizeable number of individuals also quit their jobs.
Superman? Wonder Woman?
As the world awaits a future containing the ideal solution to password hassles, these pointers could help you stay safer in the present.
Be original. Don't be a superhero. The Mozilla Foundation, which operates the Firefox browser, reported some shocking statistics on superhero passcodes. Searching the online data repository HaveIBeenPwned.com, Mozilla noted that Superman appeared over 368,000 times in known data leaks. Batman was close behind with 226,000 appearances.
Hacker dictionaries overflow with common words like these and perennial favorites like 123456, password, qwerty, and Clark Kent. According to one source, over 60% of all breaches in 2020 involved login credentials, so craft and guard yours as if they're priceless.
The bottom line? Since so many users employ the same password for both work and home, separating the two is an excellent place to start.
Slow down when you're online and review all email links skeptically. Never forget how easy it is to hit the wrong keys on small mobile screens. You could quickly shoot off an email to the wrong Jason or Jody in your address book, for example, and create a life-altering data leak.
IDShield's member security packages now include a highly sophisticated password manager that works on desktop units, laptops and mobiles using Android or iOS. With most managers, you'll only need to remember one master code. In many cases, the program stores the others securely on your device. Most of these tools can also generate unique, complex words or phrases so you can (and should) stop using your dog's name over and over. Everyone from your employer to the family pup, Roscoe, will thank you.