Open Source Security Summit: Our global event is going virtual on December 10 – Let's solve security challenges together. — Learn More

The Bitwarden Blog

Bitwarden introduces 2021 Password Decisions Survey

In a new survey of 400 US-based IT decision makers, 80 percent of respondents want their employers to mandate the use of an enterprise-wide password manager. The full results of the 2021 Password Decisions Survey shed light on the practical and logistical benefits of company standards for credential management.

The survey finds that even IT decision makers struggle with adhering to security best practices at work, highlighting that the C-suite should take a more proactive role in prioritizing standard security protocols.

The survey also explores opinions and best practices beyond password management. Bitwarden worked with Propeller Insights to issue the survey to gain further insight about security preferences.

Password practices at work

The survey finds 77 percent of IT decision makers are using documents, spreadsheets, or a notepad to keep track of passwords. While a majority of survey-takers said they do use a password manager at work, it seems like the use isn’t exclusive or mandated.

Contrary to what some may guess, 80 percent want their employers to mandate the practice of using a password manager. The Post-It note approach may be fading in popularity as 75 percent of respondents say employers already do require this.

Many studies have focused on the propensity of people to reuse passwords across multiple accounts. This survey finds the practice extends to the senior IT world: only 9 percent of respondents claim to never reuse passwords, with most reusing them across 5-10 sites. When asked to assess why people may be reluctant to use stand-alone password managers, our respondents cited lack of motivation and/or time constraints as the top factor. Cost was a close second reason, which signals that consumers may not be familiar with affordable password management (Bitwarden offers a full-featured free option, and Premium features are less than $1 per month).

Sharing passwords

As 2020 launched the world into a digital transformation, we were curious to know how IT decision makers share passwords to collaborate with their teams.

Nearly 40 percent said they use email to share a password.

Note that most email is not encrypted, and therefore leaves passwords exposed across numerous systems with long-term persistence. Other responses to sharing methods included instant messaging, online documents, and written passwords. All options that are not secure, nor the right way to share passwords.

Technologies in use

Two-factor authentication

Almost all (88 percent) of respondents claim to use two-factor authentication (2FA) in the workplace. Using 2FA helps increase user security for websites and applications, which is particularly critical in a new remote work era. Sixty-five percent of respondents also cite the use of 2FA technology as the number one feature that makes it harder for scammers to log into accounts.

Phishing prevention

The past months of remote work have shed new light on the threat posed by phishing attacks. According to the survey, 36 percent of respondents are targeted with phishing attacks claiming to be from their financial institution, followed by a manager or other executive within their organization (28 percent). Combating phishing attacks is possible with the right strategies, which should include 2FA (as an additional security layer) and a password manager, as they help users identify fraudulent sites.

Open source software

Large businesses are seeking open source software solutions more today than ever before. More than half of survey-takers selected transparency, cost-effectiveness, flexibility as benefits of open source technology.

When asked about the top benefits of open source technology, 69 percent of respondents cited flexibility as the most important factor, followed by transparency.

Zero-knowledge encryption

In exploring technologies, we also probed IT decision maker sentiments about zero-knowledge encryption. The service provider’s inability to access data was cited by 52 percent as the biggest advantage of zero-knowledge approaches.

Download the full report

To see a report of the results, fill out the form below.

← Back to Blog