Can employees be incentivised to create stronger passwords?


Updated: Research continues to show the password struggling to keep the enterprise secure. But is there a solution to keep employees – and employers – in shape?

In June, survey data from Centrify found that one in three admitted suffering from ‘password rage’ – one in six were so frustrated they screamed or shouted in the office, while one in seven admitted they tear a strip off their colleagues. Back in January, research from SailPoint showed 14% of respondents would give their work password to a third-party organisation if the price was right.

With that in mind, these comments from Dropbox head of trust and security Patrick Heim are particularly interesting: potentially offering employees incentives, in this case free storage, to bulk up their passwords.

The comments from Heim, as reported by V3, show that the number one challenge for the cloud storage provider is users reusing credentials across multiple websites. To avoid having to remember multiple passwords, the likes of password managers and two-factor authentication have long been available. Dropbox recently added two-factor authentication and tiered administrative controls to its product.

If you do this, Heim notes, you’re in “pretty good shape” – but there’s a big gap between those who do this and those who don’t. Changing consumer attitudes is difficult; Dropbox is therefore looking at issuing a security ‘health check’ to identify levels of authentication and data sharing settings for users, and those who go through it will be rewarded with free storage.

David Lavenda, VP of marketing and product strategy at, argues Dropbox “is doing the right thing” with this proposed play. He told Enterprise AppsTech: “Dropbox needs to make a play for the enterprise to maintain its leadership. It’s already being used by business people; it needs to find a way not to be kicked out because of security concerns, so what they are doing makes sense.

"If they can crack the security code, they have a very long runway to success,” he added. “Focusing on this problem by offering incentives makes total sense in the prosumer type of environment in which they play.”

Poor password management is said to cost businesses thousands per year; more research from Centrify, this time back in October, found employees waste on average £261 a year in company time trying to manage multiple passwords.

It’s worth noting that cloud storage is a fairly straightforward commodity for the vendors involved; Microsoft, for example, offers free OneDrive storage to anyone who is an Office 365 subscriber. Similarly, Dropbox has made a concerted push in recent months to beef up its security plays, with the company praised for its response to a major vulnerability in the Android SDK, as well as certification with the emerging ISO/IEC 27018 privacy standard.

Dropbox declined to make further comment. Do you agree employees can be incentivised to create stronger passwords?


4 Jul 2015, 7:07 a.m.

Being able to create strong passwords is one thing. Being able to recall them is another. And, being able to recall the relations between the accounts and the corresponding passwords is yet another. 

Biometrics are password-dependent. So are multi-factor authentications and ID federations like password-managers and single-sign-on services. And, in a world with passwords killed dead, we have no safe sleep.

At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.