Many firms do not enforce proper password rotation policies

Security best practice dictates that it's important for employees to regularly change their password. However, a new report from VPNOverview suggests that most organizations don't even have a password rotation policy in place.

What's more, even if the necessary policies are implemented, many businesses fail to enforce them, while employees are likely to prioritize convenience over security.

Polling 1,247 workplaces for the report, VPNOverview found that almost half of the respondents were unaware of their employer's password rotation policy. More than half fail to adhere to it, while almost two thirds of those that do simply use the same few passwords.

Overall, according to the report, just seven percent of employees regularly rotate or change their passwords.

There are multiple reasons behind this behavior, with the most prevalent being the fear of forgetting the new password. Employees are also annoyed by the requirement and often don't understand the point.

But it's not just employees that are guilty of this negligence. Members of the C-suite are even more likely not to follow password rotation policies, the report added.

“Password rotation is such a simple policy that both businesses and employees can put in place to safeguard and protect their work. Changing your password every 2-3 months is a really effective way to deter cyberattacks, and although yes, some may find it frustrating, it could save a lot of heartache down the line,” said David Janssen, founder of VPNOverview.com.

“It was shocking to see that so many workers didn’t realise what the point in regularly changing their password is, and it’s clear from our research that companies and employees alike need to be educated on the importance of implementing policies such as these.”