Poor password habits are, on average, costing businesses £261 per employee each year as staff struggle to manage a growing number of login credentials.
According to new research from Centrify, an average sized business with 500 employees is losing £130,500 per year through lost productivity.
Respondents to the survey of 1,000 UK workers were asked to estimate how much time they spent each week in managing their passwords. the average loss of £261 per employee was then calculated by totting up how much time they said they spent on entering login details, trying to remember forgotten passwords and contacting administrators to reset passwords.
The survey did not assess the associated costs connected to poor password management but we can take a look at recent data breaches to gain an idea of how people and their security habits, or lack thereof, can be an important aspect for organisations of all sizes.
Barry Scott, EMEA chief technology officer at Centrify, said:
“In our new digital lifestyles, which see a blurring of the lines between personal and professional lives, we are constantly having to juggle multiple passwords for everything from email and mobile apps to online shopping and social media.
According to our survey, over a quarter of us now enter a password online more than 10 times a day, which could mean 3,500 to 4,000 times a year. This is becoming a real challenge for employers who need to manage security and privacy concerns and for employees who are costing their companies time and money.”
The survey discovered that 47% of respondents use their own devices for business purposes but just over one third of those questioned said they did not secure their own mobile tech with passwords at all, despite storing confidential and business critical information on them.
Worse yet, employees who did use passwords still engage in the same risky practices that security professionals have been warning about ever since time began:
- Reusing the same password whenever possible
- Continually cycling through a small list of passwords
- Keeping a written record of all passwords
- Concocting passwords based on personal data
- Not using upper and lower case characters and ignoring symbols when making a new password
Such admissions are a concern, especially when you consider that over a quarter of the respondents said they had to enter 11 or more passwords a day, which may explain why 41% described forgetting a password for an online account as “very annoying” and a bigger aggravation than losing their keys (39 percent), finding their mobile phone battery was flat (37 percent) or receiving a spam email (31 percent).
Further insight into how non-security personnel view password management comes in the form of comments from respondents who complained about the hassle of managing their login credentials – 13 percent said they would rather spend an hour on hold on a customer service line, 12 percent would prefer to be stuck next to a crying baby on a flight, 17 percent would set their mobile ringtone to The Macarena for a year and 7 percent would choose root canal treatment over having to remember their passwords.
It is perhaps unsurprising to then learn that a third of all respondents admitted they had permanently lost access to an online account through forgetting a password.
If this sounds like you then you need a password manager and/or some good password tips. If you recognise such an attitude toward passwords among your employees then you may be in need of some security awareness training to help your staff understand how their actions can affect the business, as well as their own privacy and security.