No. At least I hope you wouldn’t sell the password to your bank account for $150.
A recent survey from SailPoint, however, found that one in seven users would be willing to sell the password they use at work to the highest bidder–some for as little as $150. Many users are cavalier or oblivious when it comes to protecting passwords even when the password is literally the only thing protecting their accounts and identities.
I wrote a post about the password survey and poor password security practices:
Corporate passwords for sale, $150 OBO. That, apparently, is how little some employees may take in exchange for compromising their company’s security.
SailPoint’s Market Pulse Survey, compiled from responses from 1,000 workers from large companies with at least 3,000 employees, offers vivid examples of how easily one person can create a lot of risk—and why passwords alone are simply inadequate.
Here are some highlights:
- 1 in 7 employees would sell a corporate password for as little as $150.
- 56 percent of those surveyed admit to reusing passwords across corporate applications they access.
- 14 percent of those surveyed claim to use the same password for every application.
- One in five of the survey participants routinely share login credentials with other members of their team.
The reuse of passwords is particularly alarming. “Employees may have moved away from the post-it note password list, but using the same password across personal and work applications exposes the company,” said Kevin Cunningham, president and founder of SailPoint, in a statement.
Sharing passwords with other coworkers is probably seen as a friendly or expedient thing to do. Unfortunately, it makes it much more difficult to contain or enforce password security, or to trace the source of a breach or compromise.
Lax at work, worried at home
While many of the employees surveyed apparently were lax about corporate security, they were cautious about their personal online security. Twenty percent of those surveyed said they’d been the victim of a data breach. Ironically, the same proportion (20 percent) said they’d stop doing business with a company that put their data at risk—like maybe their company?—and fully half said they’d tell their friends and family to do the same.
You can read the complete post at PCWorld: Selling passwords for $150, and other dumb ways users threaten corporate security.
- Igor Volovich Chats about Cybersecurity Compliance and Accountability - January 31, 2023
- Julie Smith Shares Identity Security Guidance for 2023 - January 19, 2023
- Mark Thomas Talks about Threat Hunting - January 5, 2023