Password managers have gone mainstream; however, overall password practices reveal security vulnerabilities, according to this second annual survey of over 400 IT decision makers. The survey shows that password managers are now a near de facto standard for organizations, with 86% reporting they are being put to use. This reflects a 9% increase in the use of password managers over the past year. And yet, IT decision makers continue to rely on insecure methods, such as computer documents (53%) and pen and paper (29%), to manage passwords. The full results of the 2022 Password Decisions Survey shed light on the practical and logistical benefits of company standards for credential management.
Bitwarden partnered with Propeller Insights to poll independent IT decision-makers across a range of industries who play a key role in enterprise purchasing decisions. The findings illustrate four big themes:
While password managers and 2FA have gone mainstream, overall password practices reveal security vulnerabilities
Most respondents want their employers to require employees to use the same password manager across the organization
Despite a year of high-profile cyberattacks and increasing vulnerabilities posed by remote work, almost all respondents reuse passwords across multiple sites
Remote work heightens concerns over cybersecurity practices and how to address them
Most employers require company-wide password managers, up 3% from last year. In exploring why people may be reluctant to utilize stand-alone password managers, respondents cite cost (50%) and time constraints (46%). These perceived roadblocks can be alleviated with affordable, cost-effective password managers and with assistance from the IT team in implementing company-wide rollouts.
“Most people know it’s not a good idea to use email to share sensitive information, and yet this practice still continues in day-to-day IT tasks. People need easy ways to transmit sensitive information with end-to-end encryption via email, which is where Bitwarden Send comes in. Implementing the right tools from the C-suite level down will streamline communication within your organization and keep your credentials secure so you can do business faster, safely.” - Michael Crandell, Bitwarden CEO
Similar to last year, far too many IT decision makers share company passwords with colleagues through insecure methods such as email (53%), chat (41%), and in conversation (31%). Compared to last year, the number of IT decision makers sharing passwords via email skyrocketed from 39% to 53%, due in part to the sudden adjustment to remote work and an increased rate of employee turnover.
Despite the many high-profile password-related breaches such as Colonial Pipeline and SolarWinds, a majority (54%) of IT decision makers admit their organization has experienced a cyberattack. 25% of organizations don’t have (or aren’t sure if they have) a ransomware mitigation strategy in place, a disconcerting number when considering the success of ransomware attacks over the past few years.
In a year of increasing vulnerabilities posed by remote work, almost all respondents (92%) still reuse passwords across multiple sites.
Reminder: reused passwords are weak, unique passwords are strong.
Phishing attacks remain a scourge and will only become more sophisticated as social engineering is continually honed. Emails purporting to be from financial institutions (35%) or a government entity (22%) are the top phishing culprits. Healthcare organizations also made the list this year, with 11% citing them as the culprit behind their phishing emails.
61% of respondents are more concerned about cybersecurity this year and attribute this to the fear that employees working remotely may be more lax about their overall security posture. The Great Resignation hasn’t spared the world of IT decision makers: a majority (48%) are working more hours than last year, with 58% faulting turnover and difficulty hiring.
Two-factor authentication is always worth the effort. 2FA is now mainstream in the workplace, with 88% of respondents using it. However, there is a gap between security practices at work and at home. The recent Twitter transparency report notes that 2.3% of users have enabled 2FA for their accounts. In efforts to keep users more secure, Google is increasing 2FA requirements.
While the popularity of 2FA in businesses is encouraging, respondents believe the top factors driving employees away from embracing it are perceptions that it “slows down workflow” (45%) and “takes time to implement” (44%). To address these hesitations, Bitwarden offers integrated two-step login with the Bitwarden Authenticator as a part of any paid Bitwarden plan.
To view the full survey findings, download the 2022 Password Decisions Survey.