Businesses are adopting password security measures such as multifactor authentication in greater numbers, but poor password hygiene persists, a new study by access security specialist LastPass said.
“The clear message is businesses still have a lot of work to do in the areas of password and access security,” the company said in its latest Global Password Security Report. “Even as many more businesses make the important investment in solutions to address password security and thus safeguard employee access, more action is needed after deployment to bring password hygiene up to par across the organization.”
Although LastPass aggregated data from roughly 47,000 organizations using its software platform to compile the report, the company contended that the “breadth and depth of the data set” are broad enough to extend to the wider security community.
Here are some of the study’s macro highlights:
- More than half of businesses globally have employees using multifactor authentication.
- IT admins take advantage of policies and integrations to increase security and streamline management, but more IT admins could be mandating the use of multifactor authentication.
- The Netherlands is the leader in multifactor authentication use.
- The ability to access passwords on mobile significantly improves the experience and employee adoption.
- Password reuse is still widespread.
- Internationally, increased regulations appear to be a driving factor in password security awareness.
- IT organizations must take responsibility for ongoing training and take proactive measures to eliminate risky password behaviors.
Here’s some drill-down data (based on LastPass customers’ responses):
- 57% of businesses globally are using MFA, up 12 percentage points from last year’s report.
- 95% of employees using MFA are using a software-based multifactor
- Employees at technology/software companies were most often using MFA. Many education organizations also have employees using MFA.
- The industries that would benefit greatly from MFA due to the sensitive customer data they handle are least likely to have employees using MFA.
- Globally, 23% of employees are accessing their passwords on their smartphone.
- Password sharing is a common practice in most businesses. Many departments or teams may have just one or two licenses for a service that needs to be accessed by several employees, or shared with external contractors or organizations.
- Businesses with fewer than 1,000 employees tend to have the highest rates of password reuse, at 10 to 14 times. Larger businesses of more than 1,000 employees are at about four times.
Training employees on security hygiene best practices is a necessity for businesses, LastPass said. “Not only does training need to be a part of your original onboarding plan, it needs to be an ongoing effort to encourage adoption and usage of security tools,” the report reads.