What is the safest way to keep your passwords?
Perhaps using a password manager is considered one of the better ways to manage your passwords, especially in a working environment. Unfortunately, despite the available technologies, new Keeper Security study shows that more than 50% of American employees use sticky notes to remember their passwords. Needless to say, this sticky note habit creates various security risks.
So, what else do the results say?
The habit of keeping passwords on sticky notes or notebooks continues to be trendy in the remote work era. 66% of employees say that they are more likely to write down work-related passwords while working from home. 62% of asked employees shared that they use a notebook to keep their credentials. Most of these people also keep their notebooks close to their work devices, which creates a security risk. 51% of the participants in the study said that they keep their passwords in a document on their computer’s desktop.
Another troublesome trend is that 62% have shared a work-related password over text message or an email, making it possible for threat actors to intercept the communication and harvest the passwords. Surprisingly, 46% said that their employers encouraged them to share passwords for accounts used by more people.
To sum it up:
- 57% save passwords on sticky notes
- 49% save passwords in unprotected, plain-text documents
- 62% share passwords by text message and email
More details are available in the original report.
The so-called PyXie malware is an example of a remote access trojan used against several industries to steal passwords and other sensitive details. The malware has been deployed in conjunction with Cobalt Strike and a downloader similar to Shifu.
The capabilities of PyXie RAT include man-in-the-middle interception, web injections, keylogging functionalities, credential harvesting, network scanning, cookie theft, clearing logs, recording video, running arbitrary payloads, monitoring USB drives and exfiltrating data, among others.