LastPass released the “2018 Global Password Security Report,” revealing true password behaviors in the workplace and creating a benchmark that businesses can use to measure progress when investing in password security tools.
The report, which analyzed anonymized data in over 43,000 companies of all sizes, industries, and geographies using LastPass as their business password manager, draws a picture of password management for the business IT community.
“Security professionals often fail to consider the value of the first factor of enterprise authentication – the password. Despite the sophisticated security measures enterprises are putting in place, something as fundamentally simple as a password is tripping them up,” said Frank Dickson, Research Vice President, Security Products at IDC.
The bigger the company, the lower the security score on average
Organizations with less than 25 employees had the highest average security score of 50, and the average drops as the company size increases. More employees bring more passwords and unsanctioned apps, as well as extra opportunities for dangerous password behaviors. In larger organizations, it’s simply more challenging for IT to hold all employees to password security standards.
Investing in an enterprise password management tool is moving the needle
Within the first year of investing in a password management tool, a business gains nearly 15 security points. This represents a significant improvement in the company’s security posture over time and is a tangible metric to validate the investment.
Password sharing is prevalent in the workplace
On average, the report data shows that any given employee now shares six passwords with coworkers. As teams become more distributed and technology-dependent, the ability to protect, track and audit shared passwords is more important than ever.
Multi-factor authentication is gaining in popularity
As concerns about password security grow, multi-factor authentication is an increasingly-favored way to protect an organization. 45 percent of businesses use multi-factor authentication, which represents a significant increase from last year’s 24.5 percent. Again, the Technology sector lead the pack with 31 percent adopting multi-factor authentication. Whether it’s a greater awareness of available options or a stronger culture of security, organizations in the Technology sector are prioritizing extra protection.
Technology industry is leading the pack in password security
The highest average security scores are in the Technology industry (53). This is not surprising due to the privacy and data laws with which most must comply. What is surprising, is that heavily-regulated industries like Banking, Health, Insurance and Government are not achieving comparable (or even superior) average securityscores.
“Passwords continue to be a challenge to cybersecurity in the workplace, and attacks continue to grow in number and complexity every year. Despite these threats, businesses have struggled to quantify their own level of password risk,” said Gerald Beuchelt, CISO at LogMeIn. “This report offers fellow information security managers a tool to compare their own company’s password scores with a large sample of peers and competitors. In turn, security departments are now better equipped to identify the gaps in their security program and measure progress when investing in password security.”