Naked Security

Your new year’s resolution: review your password habits

Are your password habits putting your workplace's security at risk?

It’s that time again – new year, new you, new resolutions … new passwords? Or will you be one of the many who simply use the same password over and over again – in the office as well as at home?

According to a recent Gemalto survey of 1,150 IT professionals across the globe, 90% of respondents are concerned that…

…employee reuse of personal credentials for work purposes could compromise security.

But, in contrast, it also found that 68% of IT professionals would be comfortable allowing employees to use their social media credentials on company resources. These findings, it believes, suggest that…

…personal applications (such as personal email) are the biggest worry.

The research’s main focus is on how personal and workplace identities are converging. It explores the impact of consumer authentication methods, consumer breaches and mobility on security in the workplace:

Enterprise security teams [are] under increasing pressure to implement the same type of authentication methods typically seen in consumer services, such as fingerprint scanning and iris recognition.

While, it reports, 62% said they were feeling this pressure, 63% felt authentication methods used for consumer services were actually suitable for enterprise use, despite consumer breaches continuing to rise. In fact, almost half (52%) believe enterprise and consumer authentication methods will merge completely within three years. However, it notes, that rise in consumer breaches is having an impact on how enterprises are approaching access management, driving them to increase training, resources and spend.

Mobility and expectations around usability are having a big impact too, increasing resources, spend and deployment rates: 62% of respondents expect to implement strong authentication in two years’ time and nearly 40% said they will implement Cloud SSO or IDaaS within the next two years.

Two-factor authentication is playing a greater role – both in and out of the office:

  • 94% of respondents are already using two-factor authentication to protect at least one application
  • 96% of respondents are expecting to use it at some point in the future
  • 37% of users at respondents’ organizations are required to use two-factor authentication to access corporate resources from mobile devices
  • Respondents believe this will increase to 56% in two years’ time.

François Lasnier, senior vice-president, identity protection at Gemalto comments:

Businesses need to make sure their data isn’t compromised by bad personal habits. It’s encouraging to see deployment of two-factor authentication methods on the rise.

Overall, the report highlights how personal and workplace identities are converging and, in doing so, causing security challenges for businesses.

Based on its findings, everyone – whether consumer, employee or both – needs to make a New Year’s resolution to get into some good habits when it comes to security. After all, it’s up to all of us to help the IT folk to keep us all safe.

If you want a reminder on how to clean up your passwords, visit our two-minute tutorial on How to pick a proper password.



After the awful 2016 cyber security had, I have placed a new rule within my company and I have asked all of the staff to change their passwords to their computers weekly. I have also asked that when their mac wants to run an update, let it update. I had 1 computer crash through a virus and another hacked into last year, it will not be happening in 2017!


I would change your policy to every day change. People are good in creating and remembering secure passwords ;)


“People are good at creating and remembering secure passwords?” On what planet? People are the WORST about doing that – myself included!


The really frustrating result of all this is every entity with a legal right to collect personally identifiable information (PII) is obligated to authenticate your identity for validation purposes when you request access to validate the data they supposedly have on you. So they get more of your PII in the process.

Much of the data collection occurs without our consent or knowledge and it is now so widely disbursed you couldn’t even keep up with validation of it if you wanted to.

I believe we need laws that require data collection notice and CONSENT before it starts AND that a means for secure access to the data must be established without collecting more PII than they obtained from you during the consent process.

