Small businesses are continuing to use Word documents or Excel spreadsheets to keep their passwords despite the inherit risk of compromise.
A study by NordPass reveals 3 out of 7 companies admitted it keeps passwords in Word, Excel, or other plain text documents that were not password protected. Before adopting a company-wide password manager, none of the companies had a unified password-management solution.
One company that NordPass interviewed said it used the same password for everything. Employees are also using their personal password managers with their business passwords. They also admit to sharing passwords with colleagues typically via message, email, a shared document or other unsecure way.
Why is Storing Passwords in Word, Excel Dangerous?
Passwords are simply the first line of defense. Weak, reused, or compromised passwords are frequently responsible for the majority of data breaches, according to NordPass.
Cybercrime, while costly for any company, is extremely damaging for small businesses— 60% of SMBs go out of business within six months of a cyber attack. Yet many companies still choose to operate without a password manager. On average, 59% of businesses use a password manager, according to a study by NordLocker.
In addition to poor password-keeping practices, research reveals that some of the largest businesses still use easy-to-guess passwords such as “123456” or “password.”
“When it comes to passwords, people are fatigued. No one wants to think of a complex, lengthy password, and, even worse, remember it. It’s best to generate passwords using an online or in-app generator. This way, we make sure that we eliminate uncreative and weak passwords, such as ‘123456,’” says Chad Hammond, a security expert at NordPass.
Organizations can leverage single sign-on (SSO) and password synchronization. With SSO, employees are less likely to revert to bad password practices, such as creating common passwords or writing them down.