Get access to the exclusive HR Resources you need to succeed in 2018!
SHRM board member David Windley discusses how unconscious bias can derail workplace diversity efforts.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Some workers are peddling their network passwords for peanuts
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
A hundred dollars can buy a lot of things—a new pair of shoes; dinner out; dozens of songs on iTunes.
Or a password.
For a price, 1 in 5 employees would sell the passwords they use to access their employers’ computer networks if asked, according to a 2016 survey from SailPoint Market Pulse, an identity and access management company headquartered in Austin, Texas.
About 1,000 office workers at private organizations with at least 1,000 employees across Australia, France, Germany, the Netherlands, the United Kingdom and the United States were interviewed for the survey.
Aside from moral and ethical concerns, selling passwords in the U.S. may be a violation of online privacy and identity theft laws at the federal and state level, including in California, Florida and New York.
The survey found that 44 percent of respondents would sell their passwords for less than $1,000; some would sell their passwords for less than $100. The highest percentage of people willing to sell their passwords was in the U.S., at 27 percent. The lowest percentages were in Australia and the Netherlands, at 12 percent.
“Some people may think that they’ll sell their password today and then change it tomorrow and it’s fine,” said SailPoint President and founder Kevin Cunningham. “The actual selling isn’t as much of an issue as the risk to information. When someone has those credentials, it can cause real damage—everything from identity theft to money stolen.”
A password should be viewed in the same way as a lock on a door—and treated as such.
According to Karl Stallknecht, CEO of Slable, an IT solutions firm in Woodbridge, Va., password-selling can pose serious risks for employers and employees alike. An employer can experience a very serious security breach, and an employee can put his or her job in jeopardy.
“Almost any employer would most likely pursue legal action against an employee who was doing this. At that point, an employer would need to assume every password that the employee in question had access to was compromised,” he said.
Cunningham says HR departments can take a proactive approach by training employees on how to keep data safe and making sure employees are aware of the risks involved if they do sell their passwords. Employees who receive any type of phishing scam or password-buying offer should immediately report it to HR.
In addition to an employee willingly giving up his or her sign-on information, hackers can figure out passwords with the right technology. According to Cunningham, it can take anywhere from three hours to three days to decipher an eight-character password. Increasing the password by just one character raises that time frame to between eight and 275 days.
“A computer can guess 4 billion password combinations in a short amount of time,” Cunningham says. “Have a mix of alphanumeric combinations with characters, and don’t use predictable passwords like names and birth dates. Or the word ‘password.’ ”
Despite best efforts, however, passwords are never 100 percent secure, Stallknecht said. Changing passwords on a monthly basis is a good habit.
“It is important that not every employee within a company has access to every password,” he added. “Passwords should be treated on a ‘need to know’ basis whenever possible.”
Here are some password security tips:
5 Password Security Tips
Rena Malai is a freelance writer based in Washington, D.C. She has worked internationally, covering a range of topics including technology, human interest issues, Capitol Hill and legal briefs. She can be reached at firstname.lastname@example.org.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
SHRM Annual Conference & Exposition
SHRM’s HR Vendor Directory contains over 3,200 companies