In July, Password Manager surveyed 1,200 U.S. workers, from past and current employers, to better understand how seriously they take the security of workplace accounts and how secure those accounts truly are. The results reveal widespread lax practices around password security.
Key findings:
Nearly three in 10 workers (27%) admit sharing their current employer’s passwords with someone outside the company.
Among them, 45% say they do so because the other person helps them with their work, while 33% say it’s to help someone save money.
“To curb credential sharing, companies should require employees to sign an Acceptable Use Policy and undergo regular security awareness training,” says information systems and cybersecurity expert Gunnar Kallstrom. “Beyond that, it’s critical for companies to implement Role-Based Access Controls, enforce robust Identity and Access Management protocols, apply multi-factor authentication, and clearly define and enforce access policies.”
Roughly 40% of workers admit to using login credentials from a previous employer to access accounts, tools, or services. Among them, 15% say they’re actively accessing these systems, and 40% have been doing so for at least a year. The vast majority say they’ve never been caught.
When asked how they’re able to access these accounts:
Not only are these companies failing to secure their systems, but some are relying on former employees to act as their IT support. About 17% of workers report they’ve had a former employer reach out to them because they forgot a password.
“As part of the offboarding process, all company access should be revoked from the former employee. If this does not happen, the company exposes itself to unnecessary risk,” says Kallstrom.
“Some of the risks that the company accepts are the possibility of a former employee committing sabotage against the company. Some additional risks are data breaches, intellectual property theft, financial loss, disruption of operations, and reputational damage. As far as the risks to individuals, they include legal consequences, accidental misuse, and exposure to liability.”
Among those who accessed accounts from a former employer, more than half (53%) say they did so to save money. An additional 36% admit they were simply too lazy to set up their own account. A small percentage (2%) say they accessed old accounts intending to disrupt company activity.
For those using former employer accounts to save money, the financial benefit is often significant:
This survey, commissioned by Password Manager and conducted online via the polling platform Pollfish in July 2025, includes responses from 1,200 U.S. adults who are currently employed full-time.
To ensure data quality, participants were required to confirm that they understood and consented to the survey. Pollfish uses organic sampling through random device engagement (RDE), delivering surveys randomly to verified users who meet the target criteria. This method helps reduce bias and ensures a diverse and demographically relevant sample.
Questions can be directed to [email protected].