
92% of IT Leaders Guilty of Password Reuse

A recent survey has revealed password reuse is rife, even amongst IT leaders who should know better. 92% of IT leaders admitted reusing passwords for multiple accounts, even though this is a significant security risk.

Password best practices include setting a strong, unique password for each account. If a password is reused across multiple accounts, the compromise of any one of those accounts exposes every other account that uses the same password. Password reuse is exploited in credential stuffing attacks, where threat actors use lists of passwords obtained in previous data breaches to try to gain access to other accounts. These attacks are automated and often spread across multiple IPs, each trying only small numbers of passwords, to avoid being locked out of accounts.
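The attack pattern described above is why a per-IP failure counter alone tends to miss credential stuffing. The following is an added example for defenders, not part of the original article or the Bitwarden survey: it runs a per-IP lockout check and a cross-IP aggregate check over the same login events. The event format, thresholds, and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

PER_IP_LOCKOUT = 5      # assumed control: block an IP after 5 failed logins
WINDOW_SECONDS = 600    # assumed aggregation window (10 minutes)
MIN_SOURCE_IPS = 10     # assumed: distinct IPs with failures in one window
MIN_FAILED_USERS = 20   # assumed: distinct accounts failing in one window

def sample_events():
    """Constructed events: (epoch_seconds, source_ip, username, success)."""
    events = []
    # 30 addresses from a documentation range, two failed attempts each,
    # every attempt against a different account.
    for i in range(30):
        ip = f"203.0.113.{i + 1}"
        events.append((1200 + i * 10, ip, f"user{2 * i}", False))
        events.append((1205 + i * 10, ip, f"user{2 * i + 1}", False))
    # One legitimate user who mistypes twice, then logs in.
    events += [(1300, "198.51.100.7", "alice", False),
               (1310, "198.51.100.7", "alice", False),
               (1320, "198.51.100.7", "alice", True)]
    return sorted(events)

def per_ip_lockouts(events):
    """IPs that a per-IP failure counter alone would block."""
    failures = defaultdict(int)
    for _, ip, _, ok in events:
        if not ok:
            failures[ip] += 1
    return {ip for ip, n in failures.items() if n >= PER_IP_LOCKOUT}

def stuffing_windows(events):
    """Windows where failures are spread over many IPs and many accounts."""
    buckets = defaultdict(lambda: (set(), set()))
    for ts, ip, user, ok in events:
        if not ok:
            ips, users = buckets[ts // WINDOW_SECONDS]
            ips.add(ip)
            users.add(user)
    return {w: (len(ips), len(users)) for w, (ips, users) in buckets.items()
            if len(ips) >= MIN_SOURCE_IPS and len(users) >= MIN_FAILED_USERS}

if __name__ == "__main__":
    ev = sample_events()
    print("per-IP lockouts:", per_ip_lockouts(ev))        # nothing is blocked
    print("suspicious windows:", stuffing_windows(ev))    # window id -> (IPs, accounts)
```

On the constructed data no single IP reaches the lockout threshold, while the aggregate view flags the window because failures are spread over 31 addresses and 61 accounts.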

The survey was conducted by the password manager provider Bitwarden, which also found that other poor password practices were common. 53% of respondents stored passwords in documents on their computer, and 29% wrote their passwords down to make sure they did not forget them. 53% of IT decision makers said they shared passwords through insecure methods, such as email, with the percentage doing so increasing from 39% last year. Bitwarden attributes that rise to an increasingly remote workforce and the higher rate of employee turnover as a result of the pandemic.

61% of respondents were concerned about cybersecurity due to the remote workforce, as they believed remote workers were laxer about security. They also said password management has become more difficult due to the higher rate of employee turnover.

“People need easy ways to transmit sensitive information with end-to-end encryption via email, which is where Bitwarden Send comes in,” he said. “Implementing the right tools from the C-suite level down will streamline communication within your organization and keep your credentials secure so you can do business faster, safely.”

There was some good news from the survey – 88% of organizations were found to have implemented 2-factor authentication to improve security, although there were complaints about 2FA, and 86% of respondents said they used tools to help manage their passwords, which is an increase of 9% from the previous year. 84% of respondents said their employer requires all employees to use the same enterprise-wide password manager.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.