Passwords on Post-Its: Cloud Computing Causing Clouded Judgment Among Nine-to-Fivers

A telling study by IT services provider Softchoice reveals that slapdash and downright careless employee behaviour with cloud-based SaaS (software as a service) could leave corporate networks vulnerable.

The survey of 1,000 North American office workers split the group between SaaS users and non-SaaS users. When it came to password security, the SaaSers were found to be:

  • over 2x more likely to display their passwords on Post-it notes;
  • 10x more likely to store passwords on unprotected or shared drives;
  • and 3x more likely to keep passwords in an unprotected document.

And before you chalk it up to old Harold and Martha getting sloppy because they’re two years from retirement and can’t be arsed to follow proper IT procedure, check this out: the study found that twenty-somethings were more than 2.5x more likely than baby boomers to keep their app passwords in plain sight.

Softchoice fingers a few factors that led to these results. They found that fewer people are striking that quasi-mythical work/life balance we always hear so much about; SaaS apps allow employees to download and store work files on their own terms, where and when they need them—and that can often mean on a cloud-based file storage app to easily work from home, IT department be damned.

The study also mentions the immediacy that SaaS has trained people to expect. The need to accomplish a task right now using certain helpful cloud-based apps often trumps any concern for data security.  

i have my own theory about why password management is getting out of control, and it can be summed up in a certain xkcd comic. Put it this way: the more that SaaS apps require their own unique password requirements of character counts, upper- and lowercase combinations, “special” characters, bans on passwords we’ve used previously, and periodical password refresh requirements, stock in 3M and their Post-it Notes is gonna rise.


Comic: xkcd