54% of employees recycling passwords warns Yubico

Yubico's research highlights the low level of security awareness in many organisations.


A survey of over 3,000 employees, business owners and c-suite executives across the UK, France and Germany has highlighted poor password security and a lack of two-factor authentication (2FA) in many end user organisations.

The report, commissioned by Yubico, a provider of hardware authentication security keys, discovered that 54% of all employees reuse passwords across multiple work accounts, 41% of business owners remember their passwords by writing them down and less than 25% of respondents have implemented any form of 2FA since the start of the pandemic.

Even when two-factor authentication has been implemented, organisations are using less secure forms of 2FA such as mobile authentication apps and SMS one-time passcodes.

The report highlighted other worrying stats, including that 43% of employees didn’t feel that cybersecurity was their responsibility. Rather, 60% of survey respondents felt it was the sole responsibility of the IT team.

Furthermore, after nearly 18 months of the pandemic, 37% of all employees across all sectors have yet to receive cybersecurity training to work from home, leaving the business exposed to evolving security risks.

The survey also discovered that 42% of respondents were using their work devices for personal reasons while working from home. Business owners and c-level executives were the worst offenders – 23% of business owners and 15% of c-suite leaders admitted to using their work machines for illegal streaming or watching TV.

Also, there does not appear to be any sort of top-down security culture in most organisations, leading employees to feel anxious when dealing with IT and security. Consequently, many respondents – 51% – try to solve their own IT problems rather than talk to IT, and 40% of those who clicked on a suspicious link wouldn’t tell the IT department.

Despite the benefits of two-factor authentication, just 22% of respondents say their organisation has introduced it since the pandemic began. Of those organisations that have introduced some form of 2FA, only 27% are implementing FIDO-compliant hardware security keys, with 54% of survey respondents still dependent on mobile authentication apps and 47% still using SMS one-time passcodes.

Yubico’s research interviewed 3,006 employees in the UK, France and Germany, at organisations with over 250 staff, who have worked from home at some stage and have work-issued devices, between February and March of this year.