Survey: 90% of IT Leaders Guilty of Reusing Passwords

Bitwarden has released the results of its second annual Password Decisions Survey, which explored the technology being used by IT decision makers, the security risks they face and take, and their password management and password sharing practices. The survey was conducted on 400 IT decision makers by Propeller Insights.

The survey confirmed that password manager solutions are now commonly used by businesses. 86% of respondents said they use password management software, which is up 3% from last year. It is more efficient for the same password manager to be used across the organization, with 84% of IT decision makers saying they want their employer to ensure the same enterprise password management solution is used by everyone. However, the survey revealed a reluctance to use stand-alone password managers. The reason why many do not is due to the perceived high price (50%) and time constraints (43%), even though there are cost effective solutions and company-wide rollouts can be painless with assistance provided by the IT department.

Despite the widespread use of password managers, risky password practices are still common. 90% of IT leaders said they reuse passwords across multiple sites, with 75% saying they reuse passwords on 5 or more sites. Only 8% of IT decision makers said they do not reuse passwords on multiple platforms.

Many respondents admitted to sharing passwords via email, messaging applications, verbally, or in shared online documents. The move to remote working due to the pandemic saw these insecure methods of password sharing increase. The number of IT decision makers who shared passwords via email jumped from 39% to 53% over the space of a year, with 41% saying they share passwords via messaging apps and 31% saying they share passwords verbally. Even with the high number of people using password managers, 53% of respondents said they store passwords in a file on their computers and 29% said they write them down.

“People need easy ways to transmit sensitive information with end-to-end encryption via email, which is where Bitwarden Send comes in,” said Bitwarden CEO Michael Crandell. “Implementing the right tools from the C-suite level down will streamline communication within your organization and keep your credentials secure so you can do business faster, safely.”

The number of businesses using 2-factor authentication to secure accounts has increased to 88%, although there was concern that it slows workflow (45%) and 44% said adoption was slow due to the time it takes to implement, although in terms of improvements to security it is well worth the time and effort.

Shadow IT is a risk for organizations as it can give cyber actors a foothold in the network, yet many employees and IT decision makers use unauthorized software as a workaround to improve efficiency. 30% of employees and IT decision makers admitted to using shadow IT, with 68% of them saying it makes them more efficient, 48% saying they do so due to a lack of authorization for certain applications, and 38% because of slow response times from the IT department.

This year, there was greater fear about cybersecurity, in part due to the number of cyberattacks – 53% said their organization had suffered a data breach. 61% said remote working had weakened their security posture, as they think remote workers are far laxer about cybersecurity. The Great Resignation is also a cause of concern for 23% of IT decision makers, with the large turnover of staff making password management more difficult.

The full findings of the 2022 Password Decisions Survey can be downloaded here.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of