Half of Organizations Don’t Provide Contractors with Password Managers

More than half of U.S. companies (55%) and greater than four in 10 global enterprises view third-party contractors, including MSPs and MSSPs as high security risks, a new study by password manager Bitwarden found.

Yet despite the wariness of third party providers, only 41% of U.S. enterprises and 34% of global enterprises have provided outside vendors with password managers, Bitwarden’s report found. Owing to the prevalence of credential theft by hackers, strong passwords remain a priority strategy and are important in shoring up the confidence of enterprise security decision makers. But, while security sentiments fall in line with best practices, implementation often falls short, the study showed.

In the U.S., around half (51%) of the 400 security decision makers surveyed cited ‘preventing credential theft/account takeover attacks’ as the top reason for adopting password managers. Globally, the number one priority was ‘anti-fraud’, cited by 51% of respondents, and a rationale that was second-most-popular in the U.S.

Other key takeaways from the report include:

  • 93% of enterprise respondents said they are maintaining or increasing their password management budgets.
  • Almost half (46% and 47%) of U.S. enterprises and global enterprises believe organizations should provide password management tools for employees both at work and at home.
  • A minimum password length is the most common password management requirement, mandated by 67% of U.S. enterprises and 60% of global enterprises.
  • 62% of U.S. enterprises and 59% of global enterprises said recent security breaches in other organizations made them more likely to deploy better password management.
  • 88% of U.S. enterprises and 80% of the slightly-more-humble global enterprises believe their current password security policies provide sufficient protection.
  • 52% of U.S. and global enterprises say the most common password ‘bad habit’ within their organization is poor password strength.

“Enterprises have always been at a heightened risk for security incidents,” said Bitwarden CEO Michael Crandell. “The majority store some combination of sensitive personal information, intellectual property, and financial information. This type of data is valuable to cybercriminals, who are aware that most employees don’t always use strong and unique passwords. Add in the remote work factor, and you’ve laid the groundwork for a password security perfect storm.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.