A new poll of 1,000 US workers has found that many take advantage of old passwords to access work files and applications after leaving a job.
The report, by PasswordManager.com, paints a damning picture of password security, with companies failing to update old passwords and ex-employees more than happy to take advantage of the lax security.
Alarmingly, nearly half of those polled were still accessing their former accounts. Of those still using their old accounts, 58 per cent said it was because their passwords had not been changed after leaving their old job, while 44 per cent said that someone still working at their old place of employment was happy to share new passwords with them.
Even when passwords had been changed, and no one was sharing access details with ex-employees, 6 per cent were still able to guess the new password: some because the new one was common, others because they knew their old boss “well enough to guess the password”.
Despite the number of people taking advantage of previous employers, only one in seven had been caught, and a third of respondents reported they had been taking advantage of old passwords for up to two years.
The reasons for ex-employees to keep accessing old work accounts vary. Sixty-four per cent use their passwords to access old email accounts, and 49 per cent use their logins to access expensive subscription-based applications.
But perhaps of most concern is that 44 per cent are accessing company data, with one in 10 ex-employees using their access to disrupt the business activity of their former employer.
In some cases, password security at a previous employer had been so poor that ex-employees had been contacted by their old employer to recover lost or forgotten passwords.
“From a technical standpoint, it’s important for companies to understand what assets they have, which include services, information, and other types of accounts used by the company — whether by just a few employees or everyone — and classify or prioritise, starting with being highly valuable or critical and working down the list to what’s not as important to protect,” said Daniel Farber Huang, head of privacy and cyber security at PasswordManager.com, in a post about the findings.
“Ideally, the company creates standard operating procedures or consistent schedules of updating passwords based on criticality.”
The challenge is in making password management a priority.
“Cost factor is certainly one meaningful issue for most companies lacking proper security,” Huang said. “The other aspect is having a staff person to manage the ongoing process.”
“Let’s face it, most employees probably would not be jumping up and volunteering to be the official password wrangler. It’s too important of a role to simply outsource or pile onto a junior staffer, however, and companies should value the importance of the role accordingly.”
“This issue is one element in a broader framework of trust between entities and the individuals they rely on to operate and thrive.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.