Majority of SMEs failing to keep their passwords secure

login, MyGovID, password

A new study by password manager solution NordPass reveal that most small businesses do not have effective password management in place, with many tending to keep password information in unsecured Word documents or Excel spreadsheets.

The study revealed that three out of seven companies admitted that they kept passwords in Word, Excel, or other plain text documents that were not password protected. In addition, multiple companies said that their employees used their personal password managers for their business passwords. One company even said that it used the same password for everything.

Many respondents admitted it is common practice to share passwords with colleagues via message, email, shared document, or other unsecured channels.

“Over the past year, we’ve been talking to many different companies to find out how they dealt with passwords before adopting a password manager,” Chad Hammond, a security expert at NordPass, said. “The conversations revealed some interesting yet alarming insights.

“A password manager is a necessary tool for business security,” Hammond added. “We see that those companies that do not utilise a password manager usually use highly questionable tools, such as unencrypted documents, which is incredibly dangerous.”

In addition to poor password-keeping practices, the research also noted that even some of the largest businesses still use such easy-to-guess passwords as ‘123456’ or ‘password’.

“When it comes to passwords, people are fatigued. No one wants to think of a complex, lengthy password, and, even worse, remember it,” Hammond said. “It’s best to generate passwords using an online or in-app generator. This way, we make sure that we eliminate uncreative and weak passwords, such as ‘123456’.”