Passwords remain pervasive as an authentication method for many businesses and organizations, but poor password practices can backfire on security.

In a new report, 77% of security professionals believe passwords are becoming ineffective in securing their IT environments, and 53% say passwords within their organizations are vulnerable to modern hacking tools. The findings come from a survey of nearly 200 IT security professionals conducted by Lieberman Software last month during the RSA Conference 2016 held in San Francisco. 

The use of default passwords and sharing of the same password among team members are some of the factors leading to security breaches, the study says. More than one-third (36%) of respondents say their IT staff share passwords. 

“If the vast majority of respondents think passwords are failing, then it’s time to rethink how we’re using them. Attackers use automated methods to brute force credentials and gain privileged access to enterprise networks - often in a matter of minutes. Once they’re inside, they can nest there anonymously, biding their time until it’s opportune to strike," said Philip Lieberman, president and CEO of Lieberman Software.

Many organizations spend most of their security budget on conventional security tools, but these tools work effectively only against identified cyberthreats, and are not able to defend against new and advanced threats and attacks, the report says. Some 45% of IT security professionals think their organizations are not well-prepared for a cyberattack, and 55% have their end users change their passwords more regularly than IT changes its own administrative credentials.

See more detailed survey findings here.