An enterprise’s first line of defense, experts agree, is the employee. And the first factor of enterprise authentication is the password. It takes only a single untrained pair of eyes falling for a phishing scam to let hackers into an infrastructure.
Studies of employee behavior and password hygiene abound. The results are generally the same -- workers share passwords more often than they should, or use the same credentials for work and personal accounts across a plethora of devices.
Experts have long warned of the risks posed by poor password hygiene, yet businesses still have a lot to improve in this area.
“Despite the sophisticated security measures enterprises are putting in place, something as fundamentally simple as a password is tripping them up,” said Frank Dickson, Research Vice President, Security Products at IDC.
LastPass anonymized and aggregated data from more than 43,000 organizations that use their product as their business password manager. The study gauges data from organizations of all types and sizes across nearly every industry, allowing for a big data set that gives researchers a more precise picture of password management.
A key finding was that big companies typically have lower security scores than smaller companies.
“Organizations with less than 25 employees had the highest average security score of 50, and the average drops as the company size increases,” the report reads. “More employees bring more passwords and unsanctioned apps, as well as extra opportunities for dangerous password behaviors. In larger organizations, it’s simply more challenging for IT to hold all employees to password security standards.”
The data further shows that any given employee shares six passwords with coworkers, making password sharing a bit too prevalent in the workplace.
There’s good news too: adoption of multi-factor authentication is rising. 45 percent of businesses now use multi-factor authentication, a significant increase from last year’s 24.5 percent, LastPass said.
The technology industry is leading the pack in password security, with the highest average security score of any industry (53). The sector is also a leader in multi-factor authentication, with 31 percent adopting methods that require two or more pieces of evidence (or factors) as part of an authentication mechanism.
“This is not surprising due to the privacy and data laws with which most must comply,” according to the report. “Whether it’s a greater awareness of available options or a stronger culture of security, organizations in the Technology sector are prioritizing extra protection.”
Unfortunately, though, the same research uncovered that heavily regulated industries like Banking, Health, Insurance and Government are not achieving comparable results.