Survey: Despite the Risks, Employees’ Password-Changing Habits Are Lax

Share Article

An Express Employment Professionals survey reveals that nearly 50% of people only change passwords on work devices when they are prompted to, leaving them vulnerable to cybersecurity attacks.

News Image
We can all do a better job protecting ourselves online, whether it’s using strong passwords and two-factor authentication or staying up-to-date on the latest technologies and trends. Everyone is at risk—especially if they don’t realize it. - Bill Stoller, Express CEO

According to a Verizon study released last month, compromised passwords were linked to 80% of hacking-related security breaches. Password-related hacking creates significant trouble for businesses—and individuals—so Express Employment Professionals polled readers of its Refresh Leadership and Job Journey blogs to better understand peoples’ password habits. It turns out that almost half change their passwords only when they are prompted to change them.

Respondents were asked, “How often do you change the passwords for your work devices?”

Forty-nine percent say they change their passwords only when told to do so. While requirements to change passwords at regular intervals are common in the workplace, Microsoft recently announced that its newest software will no longer have “expiring” passwords, saying that other practices like multi-factor authentication are more important.

Almost one quarter, 24%, say they change passwords quarterly. Twelve percent change them monthly and 5% change every six months. Four percent admit they never change their passwords, while 3% change when they find out their accounts are compromised. Another 1% say “yearly,” and 1% say “weekly.”

Respondents were also asked whether they had ever had a password-protected account “hacked,” and 76% say they have not.

Terri Greeno, an Express Employment Professionals franchise owner in Crystal Lake, Illinois, believes that people underestimate the importance of password security.

“People think it won’t happen to them and that if it does, it can’t be that bad,” she said.

Greeno said people assume there are firewalls in place or that insurance will cover any costs.

“The cost of cybertheft is high, and passwords need to be complex and changed regularly,” she added.

Cybersecurity can increase costs, Greeno concluded, but the consequence of a cyberattack are much costlier.

Yvonne Rockwell, an Express franchise owner in Santa Clarita, California, agrees. People “do not see the value” to protecting their passwords and underestimate its importance “because they have not yet been the victim of identity theft or had a breach of security.”

Jan Riggins, general manager for two Express franchise locations in Fort Worth, Texas, emphasizes that one person’s mistakes can affect countless others.

“I have learned that in every organization, from small to large, the actions of one can affect the digital security of the company as a whole,” she said. “It’s so important to not use iterations of the same password over and over again.”

When creating a password, Express Director of Infrastructure Don Holt emphasizes the importance of choosing one that is at least 10 characters long and includes numbers, lowercase letters, uppercase letters and symbols. According to thycotic, a password constructed using this criteria, ex: "%ZBGbv]8g?, would take 289,217 years to crack on a modern computer.

Conversely, the common simple password of 123456789 would only take a modern computer 14 minutes to hack.

Holt also cautions against sharing system accounts or passwords, as there is no way for technology to stop that type of cybersecurity breach.

“Any techniques that could be used to address the sharing of passwords would greatly restrict the freedom people enjoy when accessing their data wherever they are, instead of being chained to a computer,” he said. “The best policy when it comes to sharing passwords is just don’t do it.”

According to Bill Stoller, CEO of Express, few things keep business leaders up at night like cybersecurity.

“We can all do a better job protecting ourselves online, whether it’s using strong passwords and two-factor authentication or staying up-to-date on the latest technologies and trends,” he said. “Everyone is at risk—especially if they don’t realize it.”

The survey of 335 business leaders, decision makers and job seekers was conducted in May 2019 through the Express Refresh Leadership and Job Journey blogs.

If you would like to arrange for an interview with Bill Stoller to discuss this topic, please contact Sheena Karami, Director of Corporate Communications and PR, at (405) 717-5966.

About Bill Stoller
William H. "Bill" Stoller is chairman and chief executive officer of Express Employment Professionals. Headquartered in Oklahoma City, the international staffing company has more than 800 franchises in the U.S., Canada and South Africa. Since its inception, Express has put more than 7.7 million people to work worldwide.

About Express Employment Professionals
Express Employment Professionals puts people to work. It generated $3.56 billion in sales and employed a record 566,000 people in 2018. Its long-term goal is to put a million people to work annually. For more information, visit

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Sheena Karami
Follow >
Express Employment Professionals - Headquarters
Like >
Visit website