One in five U.S. employees would sell their passwords – some for as little as $150, according to a survey by security specialist SailPoint. The global survey of 1,000 employees at large organizations also confirmed that employees are lax about password management in general.
"Basically, passwords are poorly managed in many enterprises. The reality is that passwords are not going away – in fact they are flourishing,” said SailPoint president Kevin Cunningham. Today’s end user has dozens of passwords they have to remember on a daily and even hourly basis. They compensate by choosing easy-to-remember, and easy-to-guess, passwords, or reusing the same password across multiple applications, or writing them down on sticky notes stuck to their computers."
Cunningham said that poses a significant risk to sensitive corporate data, which highly-publicized recent data breaches illustrate.
Specifically, one in five employees routinely share login information for corporate applications with other members of their team, which increases the potential that the passwords they sell might not even be their own.
Compounding the problem, 56 percent of respondents admitted to some level of daily password reuse for the corporate applications they access, with as many as 14 percent of employees using the same password across all applications.
"There is a distinct tradeoff between convenience and risk management. Strong password management means enforcing policies," Cunningham said. "The rank-and-file employee typically puts convenience at a higher priority than managing risk. So businesses are constantly fighting a battle of security versus convenience. But at the end of the day, a single breach incident is much more costly to the business than mild employee inconvenience."
He said most companies are focused on educating their employees about devising strong passwords, which, like some apps, require a combination of upper and lower case letters, numbers and symbols. But it’s these very requirements that can lead employees to reuse the same password over and over.
"This is one of the areas where technology can and should be the tool to enforce strong, unique passwords versus relying solely on training,” Cunningham said. "Fortunately, there are solutions that fit that need--simplifying the burden for employees by providing a single point of access for all applications, and then providing the strong password management controls behind the scenes."
He also noted the market is seeing a renewed focus on password management due to the explosion of usernames and passwords that end users need to keep track of on a daily basis.
"This escalating number of logins and passwords that employees are required to use is a growing source of frustration and lost productivity across many organizations both for the end user and IT alike," he said.