Your Ex-Employees Might Still Be Using Your Accounts. Here’s Why That’s a Problem.
A staggering 40% of U.S. employees admit to using login credentials from previous jobs—many to dodge subscription fees—and most have never been caught.
That’s the top-line finding from a new survey by PasswordManager.com, a site focused on password security and internet safety. Based on responses from 1,200 currently employed U.S. adults, the July 2025 study highlights a growing security blind spot for businesses: their own alumni.
And it’s not just a minor policy violation. For some ex-employees, unauthorized access is delivering serious ROI. Over half (53%) say they use old credentials to avoid paying for tools and services—some saving upwards of $300 a month.
What’s Fueling the Access Gap?
Lax offboarding is largely to blame. According to the survey:
-
60% of those accessing old accounts said the passwords were never changed
-
28% got in via current employees
-
20% simply guessed the password
That’s right—one in five guessed the password. Whether that’s a sign of poor password hygiene or a reliance on weak credentials (“Welcome123,” anyone?), the implication is clear: companies aren’t locking the digital doors behind departing staff.
Sharing Isn’t Caring—It’s a Threat
The security lapse isn’t confined to past jobs. More than 1 in 4 workers (27%) admitted to sharing current employer credentials with people outside the company. Reasons varied:
-
47% said the person was helping them with work
-
33% wanted to help someone else avoid paying for a tool
In an era when sensitive data is often just one login away, this kind of credential generosity could be catastrophic. It blurs lines of accountability, exposes companies to data leaks, and weakens security infrastructure from within.
Four Years of Freeloading—and Still Undetected
Perhaps the most unsettling stat: 1 in 10 respondents say they’ve been using old job logins for more than four years—often without the employer knowing.
Worse, 17% say they’ve even been contacted by their old companies for help logging in. It’s a bleak reminder of how often companies fail to maintain institutional knowledge around access credentials, even after employees leave.
What Security Experts Recommend
Cybersecurity expert Gunnar Kallstrom isn’t surprised by the results—but he is concerned. He emphasizes several must-haves for companies serious about curbing these behaviors:
-
Acceptable Use Policies (AUPs): Every employee should sign one
-
Role-Based Access Controls (RBAC): Limit what employees can access based on role
-
Multi-Factor Authentication (MFA): Especially for critical tools and systems
-
Strict Offboarding Protocols: Deactivate accounts immediately after exit
-
Regular Security Training: Keep employees alert to real-world risks
“These are foundational,” Kallstrom says. “Without them, you’re not just leaving the door unlocked—you’re leaving it wide open.”
The Bigger Picture: Culture Meets Convenience
What this survey ultimately reveals isn’t just a failure of process—it’s a workplace culture that hasn’t caught up to its own digitization.
Tools once locked in office cabinets are now floating in the cloud, available from anywhere, anytime. Convenience, cost-cutting, and collaborative habits (especially in hybrid and freelance-heavy teams) have normalized password sharing as a quick fix.
But the long-term costs—in data breaches, compliance failures, and customer trust—far outweigh the short-term gains.
If your company hasn’t recently audited access credentials, retrained staff on security practices, or updated offboarding protocols, it might be time to start.
Before your next breach comes from someone you used to employ.
Join thousands of HR leaders who rely on HRTechEdge for the latest in workforce technology, AI-driven HR solutions, and strategic insights
