Identity, Privileged access management, Training, Decentralized identity and verifiable credentials

Many workers admit to using past employers’ passwords after leaving

About 40% of workers said they’ve used passwords from a former employer after leaving the company, according to a survey commissioned by Password Manager.  

The survey of 1,200 workers from the United States revealed concerning uses of company passwords by current and former employees, as well as a lack of safeguards to prevent company password misuse.

More than a quarter of survey respondents (27%) also admitted to sharing their current employer’s passwords with others outside the company, according to the Password Manager report published Tuesday.

Many of these misuses are motivated by the desire to save money, or help others save money, by using company accounts.

About a third (33%) of workers sharing their current employer’s passwords said it was to help others save money, while more than half (53%) of those using their former employers’ passwords sought to save money for themselves.

“To curb credential sharing, companies should require employees to sign an Acceptable Use Policy and undergo regular security awareness training. Beyond that, it’s critical for companies to implement Role-Based Access Controls, enforce robust Identity and Access Management protocols, apply multi-factor authentication, and clearly define and enforce access policies,” said PeopleTec Offensive Cyber Analyst Gunnar Kallstrom, who runs the Password Manager website.

In most cases (60%), former employees were able to log into former employers’ accounts because the passwords had not been changed after they left. Another 28% said someone still at the company gave them the password, while 20% simply guessed the passwords used by their old employer.

The “vast majority” of those who have used past employers’ passwords reported they were never caught doing so, according to Password Manager. Additionally, 15% said they were still actively accessing old company accounts, with 40% doing so for at least a year after they left the company.

While most respondents misused former employers’ accounts to save themselves time and money rather than creating their own accounts, 2% admitted leveraging old employers’ password to attempt to disrupt company activity.

“A part of the offboarding process, all company access should be revoked from the former employee. If this does not happen, the company exposes itself to unnecessary risk. Some of the risks that the company accepts are the possibility of a former employee committing sabotage against the company,” said Kallstrom.

You can skip this ad in 5 seconds