Dive Brief:
- Since the work-from-home era began last year, half of employees admitted they have not changed or updated their online security habits, according to LastPass' Psychology of Passwords report, released Wednesday. The report is based on a survey of 3,750 professionals internationally.
- Nearly half of employees (46%) have not strengthened their passwords during this time, despite 50% of respondents reporting more online accounts in 2021 than 2020, the report found.
- Only 35% of employers have required employees to update their passwords regularly, or have enhanced their authentication methods, since remote work began.
Dive Insight:
People reuse similar or identical passwords because it leaves them less to remember. And those who don't want to remember their passwords at all write them on sticky notes.
As companies adopt more digital systems, employees will face more login requirements — from device login, VPN activation and maybe a system login — making the temptation to recycle passwords irresistible.
The National Institute of Standards and Technology (NIST) lists theft, duplication, social engineering and endpoint compromise among threats to authentication. Multifactor and physical security tools can serve as resolutions, but NIST also recommends regular training for employees. Bad actors are banking on employees taking a casual approach to cybersecurity.
The majority of data breaches (85%) feature human error, such as phishing or stolen credentials, LastPass found. "We've found that there's an education gap when it comes to the importance of storing sensitive information online," said Katie Petrillo, director of product marketing for LastPass. "We also found that the presence of risk does not inherently motivate people to adopt better security."
But the complexity of a password matters more than how often an employee changes it. And for Microsoft, the safest option is eliminating passwords altogether. Last year, more than 150 million Azure Active Directory and consumer users logged into their Microsoft accounts without a password, the company said.
Microsoft is doubling down on a passwordless future, especially considering 40% of people use patterns in their passwords, such as "Winter2021," a Microsoft survey found.
Users can remove passwords from their Microsoft accounts using Windows Hello, the Microsoft Authenticator app, or verification codes instead, the company announced last week. Because passwords are still widespread, Microsoft has a password manager through Microsoft Edge.
The security industry is confronting the next iteration of authentication while balancing usability. "I don't believe that passwords will be going away anytime soon," said Petrillo. Newer approaches, including biometric authentication, single sign-on and federated identity, will nonetheless see increasing use.