Remote Employees’ Password Hygiene is Critical

Most working professionals use a password at least once – if not many times – every day. Now that more employees than ever are working from home, smart password strategies must be front and center in every workplace.


Organizations with robust cybersecurity defenses can still be undermined by poor password practices. According to a survey by Google, password reuse is still a common practice, despite the awareness of the risks. More than half of the people surveyed reported reusing the same password for multiple accounts.

Security Boulevard highlighted the password reuse problem with these alarming statistics:

  • A survey found that 91% of respondents claim to understand the risks of reusing passwords across multiple accounts, but 59% admitted to doing it anyway.
  • Microsoft recently announced that a staggering 44 million accounts were vulnerable to account takeover due to compromised or stolen passwords.
  • The average person reuses each password as many as 14 times.
  • 72% of individuals reuse passwords in their personal life while nearly half (49%) of employees simply change or add a digit or character to their password when updating their company password every 90 days. These forced resets are an ineffective tactic.
  • And it is not just personal accounts. 73% of users duplicate their passwords in both their personal and work accounts.
  • found that 76% of millennials recycle their passwords.
  • This is why compromised passwords are responsible for 81% of hacking-related breaches, according to the Verizon Data Breach Investigations Report.


For many workers, home and “the office” are one and the same, and employers expect that 40% employees will still be working remotely at the end of 2021. Many employees use personal devices to access work systems, and sometimes those devices are shared among family members. This means the line between personal risk and organizational risk is now almost nonexistent.

As evidenced by the data above, password behaviors still need a lot of improvement, and employees and organizations alike underestimate the risks posed to the workplace. Many still aren’t making the connection that breached credentials on a personal account can create serious workplace vulnerabilities if the credentials are reused or a compromised device is used to access an enterprise system.

In sophisticated cyber attacks, a cybercriminal may first look to access the personal accounts of employees at a targeted organization, which are often easier to hack. Then, the personal information gathered is used to devise credible-looking schemes, or otherwise gain access to corporate systems.


Because the world is becoming increasingly digital and cyber threats have been heightened by the COVID-19 pandemic, more organizations are offering identity security to employees as part of their benefits package. The robust cyber defenses include notification whenever an individual’s compromised credentials are found on the Dark Web, so fast action can be taken to secure passwords.

Talk to a local agent to learn more about adding cyber identity security protection.