• United States



Contributing writer

27% of US office workers would sell their passwords

Mar 21, 20163 mins
Data and Information SecurityData BreachInternet Security

U.S. office workers at large companies would sell their work password to an outsider

In a survey released today, 27 percent of of U.S. office workers at large companies would sell their work password to an outsider, compared to a global average of 20 percent.

And despite all the recent media attention on data breaches, password hygiene is actually deteriorating, said Juliette Rizkallah, CMO at SailPoint Technologies, which sponsored the survey.

The study itself was conducted by Vanson Bourne, an independent research firm. The same survey was conducted last year as well, but then only one in seven employees were willing to sell their passwords.

Crooks have to be willing to shell out some dough, however, as 56 percent of employees priced their credentials at over $1,000. Others, however, were willing to go as low as $100.

“Last year, the minimum mark was $150,” said Rizkallah. “Things are getting worse.”

Plus, the employees were sneaky. Many respondents added that after getting the money, they would immediately change their passwords.

There would also be other practical difficulties to actually finding employees willing to sell their passwords, admitted Rizkallah.

“There are channels on the dark web that let you do that without any trace, and without any contact with people,” she said.

Anonymity would be very important for both sides in the transaction — but the employees would be giving up their identity along with their login credential.

“If it doesn’t seem convenient or comfortable for employees, they might not go for it,” she said.

But the major take-away here is of how careless employees are with their corporate passwords.

In other results from the survey, 65 percent of employees admitted to using the same password in multiple locations, and 32 percent shared passwords with co-workers.

The problem doesn’t end when employees leave their jobs — 42 percent of employees said they could continue to access their company accounts and data.

Another third of employees use public cloud services for work, a 55 percent increase compared to last year, completely outside of company controls.

Involving the IT department slows things down too much, said 49 percent of respondents.

But IT departments themselves are also capable of poor password hygiene.

Last week, a survey of RSA conference attendees showed that 36 percent work in organizations where IT staff share passwords, and 55 percent make the rest of their users change their passwords more often than they change administrative credentials.

And a whopping 77 percent believe that passwords are failing as an IT security method, according to Lieberman Software, which sponsored the survey.