In an increasingly connected world, few aspects of our lives exist in isolation. As a result, bad password habits on social networks can put work accounts at risk.
A new study by account management solutions company Thycotic reveals that 53 percent of users haven’t changed their social network passwords in more than a year -- with 20 percent having never changed their passwords at all. This means not only that their social network accounts are at risk but also that, if the same password is being used elsewhere, other accounts are vulnerable too.
"As we know, social networks give away a lot of private information. For people to not consider changing their passwords on a regular basis on their Facebook, Twitter and LinkedIn accounts, they are easily allowing hackers to access information that will grant them access to other facets of their lives, like their work computers and email," says Joseph Carson, chief security scientist at Thycotic. "Not only is this a huge vulnerability, but this is also a flaw within large social networks that don't remind or make it clear and transparent to the user about the age or strength of the password or best practices."
The survey results show a worrying discrepancy between security professionals' line of work and their own security habits. Nearly 30 percent of security professionals say they still use birthdays, addresses, pet names or children's names for their work passwords.
"The fact that the people who are in the trenches of the day-to-day security for businesses are using weak passwords for their credentials is shocking and unacceptable," says James Legg, president and COO at Thycotic. "These survey results just go to show just how vulnerable a lot of people have made themselves and the companies they work for through being irresponsible with passwords. Without the proper solutions in place, companies are really at risk here."
The survey, carried out at this year's RSA conference, also shows that more than 45 percent of respondents say they believe privileged accounts accounted for at least half of the cyberattacks. In addition, around 65 percent of respondents don't believe cyber security will get stronger under President Donald Trump, and more than 25 percent of respondents say they change their password at work only when the system tells them to.