Password Sharing is a Data Breach Danger
Don’t overlook how the dangerous practice of password sharing is a data breach danger.
Passwords are the bane of IT teams, and password sharing is one of the biggest reasons for that. Password sharing among your staffers could open your company up to expensive and harmful cyberattacks. Credential compromise is also the most common initial cyberattack vector according to year’s IBM Cost of a Data Breach Report, the culprit in 20% of breaches. What’s a surefire way to compromise a credential? Sharing it with anyone else.
Start the new year off on the right foot with this checklist of smart cybersecurity practices. GET IT>>
Six Scary Statistics
Here are a few quick facts to keep in mind about staff password sharing:
- At least 65% of people reuse passwords across multiple sites.
- About 13% of people use the same password for every single account.
- More than 81% of data breaches in 2020 have been by poor password security.
- 42% of people share their work login credentials to work together with their teammates.
- 61% of users are more likely to share their work passwords than personal passwords.
- 34% of business users share passwords to reduce cost on user-limited software.
Research by the UK’s National Cyber Security Centre (NCSC) shows that employees will choose memorability over security when making a password every time. Their analysts found that 15% of people have used their pet’s name as their password at some point, 14% have used the name of a family member,13% have used a significant date, such as a birthday or anniversary and another 6% have used information about their favorite sports team as their password. That makes cybercriminals’ jobs easy even if they’re trying to directly crack a single password. After all, those users have probably told them everything that they’d need to know to do the job in their social media profiles.
US companies aren’t any better off. In fact, their bad password problems are just a little bit worse. 59% of Americans use a person’s name or family birthday in their passwords, 33% include a pet’s name and 22% use their own name. We can’t chalk that blizzard of bad passwords up to ignorance of good password habits, because even employees who know better are slacking on password safety. Over 90% of participants in a password habits survey understood the risk of poor password hygiene, but 59% admitted to still engaging in unsafe password behaviors at work anyway.
The Guide to Reducing Insider Risk can help IT pros stop security incidents before they start! GET IT>>
Employees are sharing their passwords with other people at an alarming rate, including people that don’t work at the same company through password reuse and recycling. Over 30% of respondents in a Microsoft study admitted that their organization had experienced a cybersecurity incident as a result of compromised user credentials that had been shared with people outside their companies.
- 43% of survey respondents have shared their password with someone in their home
- 22% of employees surveyed have shared their email password for a streaming site
- 17% of employees surveyed have shared their email password for a social media platform
- 17% of employees surveyed have shared their email password for an online shopping account
Based on our analysis of the top 250 passwords that we found through the application of Dark Web ID’s dark web search function that uncovers exposed credentials, these categories of information were used to generate the weakest passwords in 2020 were: Names, Sports, Food, Places, Animals and Famous People/Characters. Here’s a breakdown of people’s dreadful passwords.
The Most Common Passwords Spotted by Dark Web ID by Category
- Names: maggie
- Sports: baseball
- Food: cookie
- Places: Newyork
- Animals: lemonfish
- Famous People/Characters: Tigger
Top 20 Most Common Passwords That Dark Web ID Found on The Dark Web in 2020
Too many hands on a password makes it useless.
While it seems safe enough, businesses will not save money by handing around the login for a user-limited account. The security risk is too great, especially as more and more people in an organization need to use that account, so the login keeps getting passed around. It is almost inevitable that it will become compromised, creating an opening for bad actors to slip through and into critical systems and data – and costing a fortune in investigation, mitigation, and recovery expenses (and in some industries, additional regulatory fines).
No industry is immune to the powerful lure of terrible password habits, especially that perennial favorite password recycling and iteration. In a study of password proclivities, researchers determined that some sectors did have a little more trouble with passwords than others though. The telecommunications sector had the highest average number of leaked employee credentials at 552,601 per company. The media industry had the highest password reuse rates at 85%, followed by household products (82%), hotels, restaurants & leisure (80%), and healthcare (79%).Security firms stacked with IT professionals don’t get off the hook any more easily than any other business – a staggering 97% of cybersecurity companies have had their passwords leaked on the dark web.
Who else has that password?
Can you be sure that the only people who have the shared password are people that you trust? Are you willing to take the risk that it hasn’t already been compromised on the Dark Web? Are you certain that it isn’t also the password for the Netflix account that your assistant shares with her sister? Are you confident that the person who made that password isn’t one of the 59% of business users that understand the risk of password reuse admitted to doing it anyway in a recent survey? The answer to all of these questions is no.
From SMBs to giant multinationals, it doesn’t matter how high-flying a company is: password problems will still plague them. A trove of exposed data about Fortune 1000 companies on the dark web was uncovered by researchers earlier this year, including passwords for 25.9 million Fortune 1000 corporate user accounts. Digging deeper, they also unearthed an estimated 543 million employee credentials from Fortune 1000 companies circulating on commonly used underground hacking forums, a 29% increase from 2020. Altogether, they were able to determine that 25,927,476 passwords that belong to employees at Fortune 1000 companies are hanging out on the dark web. That’s an estimated 25,927 exposed passwords per Fortune 1000 company, marking a 12% increase in password leaks from 2020.
Password sharing is an expressway to a data breach.
Password shenanigans can put any business at risk of a devastating and expensive cyberattack. But protecting your organization from password-related danger isn’t hard to do or expensive. The ID Agent Risk Protection Platform has the solutions businesses need to stay safe without breaking the bank.
Passly packs essential protection that protects your systems and data from intrusion by cybercriminals with a stolen or phished password including single sign-on (SSO), multifactor authentication (MFA), automated password resets and simple remote management at an affordable price.
BullPhish ID delivers a smooth, painless training experience for trainers and trainees alike. Trainers can run premade simulations or customize their content to reflect their unique industry threats, including video lessons. Then deliver it all through a personalized portal that makes it easy for everyone.
Dark Web ID can help your clients discover employees who may be tempted to sell their access credentials on the dark web to get all that cash. Monitoring 24/7/365 and fast alerts help companies stay a step ahead of malicious insiders.
Contact the solutions experts at ID Agent today to learn more about how the ID Agent digital risk protection platform can enable you to secure your business and your customers against ransomware threats.
Is someone’s behavior suspicious? Learn to spot trouble fast with 5 Red Flags That Point to a Malicious Insider at Work. DOWNLOAD IT>>
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Is your password compromised? Find out in seconds!
USE OUR PASSWORD COMPROMISE CHECKER>>
Book your demo of Dark Web ID, BullPhish ID and Passly now!