SMBs still keep their passwords in Excel spreadsheets

According to a study by NordPass, most small businesses do not effectively manage their passwords. In fact, it is not uncommon for them to use Word documents or Excel spreadsheets to keep their passwords.

“Over the past year, we’ve been talking to many different companies to find out how they dealt with passwords before adopting a password manager. The conversations revealed some interesting yet alarming insights,” says Chad Hammond, a security expert at NordPass.

The study revealed that:

  • 3 out of 7 companies admitted that they kept passwords in Word, Excel, or other plain text documents that were not even password protected.
  • Before adopting a password manager company-wide, none of the companies had a unified password-management solution.
  • One company said that it had the same password for everything.
  • Multiple companies said that their employees used their personal password managers for their business passwords.
  • All companies admitted that they shared passwords with colleagues, typically via message, email, shared document, or another insecure method.

Why is this dangerous?

Passwords are the first line of defense. Weak, reused, or compromised passwords are frequently responsible for the majority of data breaches. Cybercrime, while costly for any company, is extremely damaging for small businesses — 60% of SMBs go out of business within six months of a cyber attack. Yet many companies still choose to operate without a password manager. According to a recent study by NordLocker, on average, only 59% of businesses use a password manager.

“A password manager is a necessary tool for business security. We see that those companies that do not utilize a password manager usually use highly questionable tools, such as unencrypted documents, which is incredibly dangerous,” says Chad Hammond.

In addition to poor password-keeping practices, research reveals that even some of the largest businesses still use such easy-to-guess passwords as “123456” or “password.”

“When it comes to passwords, people are fatigued. No one wants to think of a complex, lengthy password, and, even worse, remember it. It’s best to generate passwords using an online or in-app generator. This way, we make sure that we eliminate uncreative and weak passwords, such as ‘123456,’” continues Chad Hammond.

“Another great idea is to leverage single sign-on (SSO) and password synchronization. With SSO, employees are less likely to revert to bad password practices, such as creating common passwords or writing them down.”