Your workers have a password problem. It's an old problem, but the risks are getting bigger.

A recent report commissioned by the New Zealand-based Mobile Mentor, an information technology and services company, shows that employees aren't managing their passwords as well as they could be: Only 31 percent of those surveyed use a password management tool. The report was conducted by the Center for Generational Kinetics, an Austin-based research firm. 

Workers are using other methods to keep track of their passwords; unfortunately, they're not very secure. Twenty-nine percent of people keep it old school by jotting down their passwords in a journal, while 24 percent record their passwords in the notes application on their cellphone, according to Mobile Mentor's report. The research surveyed 1,500 individuals--1,000 in the U.S. and 500 in Australia--working across the health care, education, government, and financial services sectors.

Storing your passwords securely can ward off future headaches like identity theft, data breaches, or financial losses. Russia's invasion of Ukraine last week highlighted the increased risk of cyberattacks against businesses. Reuters reports that U.S. banks are already preparing for cyberattacks following the sanctions that Western nations imposed on Russia. And the Santa Clara, California-based Nvidia, a chipmaker, said on Friday that it's looking into a cybersecurity incident. 

But not all businesses have the best password practices. 

Digital security company NordPass worked with independent researchers to examine more than 15.6 million breaches that Fortune 500 companies sustained. The results? The word password was one of the most popular passwords among all industries--and has been for decades.  

NordPass also recently conducted a small-scale study that revealed that some small and midsize businesses are even storing passwords in unprotected Word and Excel documents. Spoiler alert: This is an unwise tactic given security concerns, says Gerald Kasulis, NordPass's head of business and channel operations.

"Ultimately, when you store your passwords in a Word document, for instance, it's not an encrypted document," Kasulis says. "So it's easy for anyone to gain access to that document," he adds, pointing to phishing attacks as one example. 

Passwords may be a pain, but they're a necessary hindrance. So what's the latest advice for keeping track of a constantly rotating suite of passwords?

The Tempe, Arizona-based software company NortonLifeLock recommends browser password managers or password manager applications to safely store passwords. Many internet browsers, such as Google Chrome or Safari, offer password management features, though one drawback is that such a tool is browser specific. 

Employers should either go password-less and pursue other authentication measures (hello, biometrics) or provide workers with a password management tool, according to the report from CGK and Mobile Mentor. Password protection may not be a new problem, but a majority of cyberattacks stem from compromised passwords. As cyber risks pose new threats each day, businesses that stick with passwords need to double down on securing them.