Bitwarden announced the results of a global survey of enterprise security decision makers, conducted by 451 Research, which explores enterprise password management practices and intent. Overall, the survey finds that strong passwords remain a priority strategy and are important in shoring up the confidence of enterprise security decision makers. But, while security sentiments fall in line with best practices, implementation often falls short.
Weak passwords are vulnerable to theft or compromise, which has led enterprises to complement passwords with strategies such as OTP (one-time passwords), email verification codes, SMS, or biometric factors. Almost all (96%) of global respondents claim familiarity with these types of passwordless authenticators. Yet, 55% of all global respondents and 60% of all U.S. respondents said passwords are ubiquitous.
Increased remote work has compelled 63% of U.S. respondents to deploy password management technologies, compared with 57% globally. When asked about the main reasons for adopting password managers, efficacy won out over convenience. In the U.S., 51% of respondents cited ‘preventing credential theft/account takeover attacks’ as the top reason for adopting password managers.
Globally, the number one priority was ‘anti-fraud’, cited by 51% of respondents; it was the second-most-popular rationale in the U.S. Time-saving and reducing help desk calls were of lower priority, both in the U.S. and globally.
Enterprise password management practices
- 93% of enterprise respondents said they are maintaining or increasing their password management budgets
- 46% of U.S. enterprises and 47% of global enterprises believe organizations should provide password management tools for employees both at work and at home
- A minimum password length is the most common password management requirement, mandated by 67% of U.S. enterprises and 60% of global enterprises
- 55% of U.S. companies and 45% of global enterprises view third parties (outside contractors, consultants, etc.) as high security risks. This was followed by remote/mobile non-IT staff, at 44% (U.S.) and 42% (global)
- Despite the perceived contractor riskiness, only 41% of U.S. enterprises and 34% of global enterprises have deployed password managers to third parties
- 62% of U.S. enterprises and 59% of global enterprises said recent security breaches in other organizations made them more likely to deploy better password management
- A whopping 88% of U.S. enterprises and 80% of the slightly-more-humble global enterprises believe their current password security policies provide sufficient protection
- 52% of U.S. and global enterprises say the most common password ‘bad habit’ within their organization is poor password strength
“Enterprises have always been at a heightened risk for security incidents,” said Bitwarden CEO Michael Crandell. “The majority store some combination of sensitive personal information, intellectual property, and financial information. This type of data is valuable to cybercriminals, who are aware that most employees don’t always use strong and unique passwords. Add in the remote work factor, and you’ve laid the groundwork for a password security perfect storm.”
Added Crandell, “In the U.S., over one-third (35%) of respondents experienced a security incident caused by poor password management. While that may not seem high at first glance, it is a strikingly large percentage considering how destructive data leaks can be from a reputational, logistical and financial standpoint. Fortunately, this is a solvable problem. Over two-thirds (71%) of U.S. respondents said employees would adopt better password practices if their companies provided them appropriate tools. For enterprises, this should be a no-brainer, as strong password management is proven to mitigate risk.”