In a recent study by KnowBe4 Research, only 24 % of employees save their passwords. This suggest that many employees reuse their passwords. “Using the same, simple password at multiple locations makes you easier prey for hackers”, warns Kai Roer, Managing Director of KnowBe4 Research.

KnowBe4 Research evaluates organisations’ security culture and has analysed the responses of over 160,000 people surveyed worldwide. These figures show that three out of four people do not write their passwords down. At the same time, other surveys show that just under 25 per cent use a program to keep their passwords, while half of us try and remember them.

“Most of us use a whole host of online services and systems requiring passwords, both at work and at home. By using the same password at multiple locations or a short password that is easy to remember, you are making it easier for hackers to access your accounts,” explains Roer.

KnowBe4 Research’s data shows that more than four out of five people in the banking, consulting and technology sectors do not write down or store their passwords.

For Roer, it is alarming and a little surprising that banking, consulting and technology companies have the highest proportion of employees who do not write down their passwords. “With access to so much sensitive information, the password routines in such companies should be better,” he says.

Conflicting advice

Advice about password routines has not been particularly consistent over the years, while the number of sites and systems requiring a login password has multiplied exponentially.

For years, companies would tell employees to NOT write down their passwords. Then, they were asked to create complex and unique passwords. Complex passwords are difficult to remember, and many employees would resolve to reusing passwords. “This is human nature. Fortunately, there are solutions,” says Roer.

The most important step is to save your passwords somewhere no one else has access. Like on a mobile phone or a good, old-fashioned notebook. So-called ‘password managers’, software that remember your passwords for you, are a safe and recommended solution. Apple’s keyring is a good example. At work, IT departments should have recommendations for the type of ‘password manager’ you should be using.

“If you haven’t yet made a New Year’s resolution, I have a suggestion,” says KnowBe4 Research’s Kai Roer. “Do a thorough clean-up of your passwords. This is a simple, but extremely important resolution that is easy to keep. If you are unsure whether it’s worth your time, visit the website ‘Have I Been Pawned’. There you will find almost 10.5 billion stolen usernames and passwords,” he adds.

Three tips for good passwords:

1. Create unique, slightly longer passwords. The safest solution is to create a unique password for each service you use. Passwords do not have to be a single word, they could be a simple sentence or a random sequence of digits, letters and special characters.

2. Write your password down somewhere no one else has access to. With many unique passwords, it can be difficult to remember them all. Write them down, but make sure no one else has access to the list.

3. Use a ‘password manager’. This is a safe and secure way to avoid having to remember complex, unique passwords. There are plenty of good programs and applications available. Consult your IT department at work; they will be able to advise you.