Are your password practices as secure as you think?

New research suggests that organisations are failing to recognise that their security practices are poor

New research suggests that organisations across the UK and US are failing to recognise that their password practices are incredibly poor.

Across enterprises in the UK and US, corporate password hygiene is incredibly poor. In fact, the vast majority of organisations are failing to implement robust password practices and therefore remain vulnerable to cyberattacks.

Current password practices

In order to determine how companies are protecting passwords, OneLogin partnered with Arlington Research and conducted an in-depth survey of 600 IT professionals. Overall, the research found that enterprises believe that they are dramatically safer than their actual password practices would suggest.

In fact, over 90% of organisations said that their current protection measures provided adequate protection. Nevertheless, just a third of companies in either country adopted the practice of checking passwords against common password lists.

Only 14.7% of US and 18.7% of UK enterprises checked passwords against rainbow tables, while just 23.9% of US and 22.4% of UK respondents used complexity algorithms. Despite this, most companies did require regular password resets.

While resets are useful, a third or more of companies demanded regular password tests far too frequently. With this in mind, almost a third of UK companies and 41% of their US counterparts had up to 25 apps that required individual passwords.

36.7% of US companies and a whopping 60% of UK companies had between 26 and 100 apps requiring individual passwords. As a result, a combined total of 23.7% of companies in both countries spent over 20 hours a week resetting passwords.

Lack of tools leads to security issues

Aside from passwords, a lack of tools such as Identity and Access Management (IAM) systems created even more security risks. In both countries, less than a third had implemented Multi-Factor Authentication (MFA).

Furthermore, less than 50% of organisations in the UK and US used single sign-on (SSO). As IAM, MFA, or SSO are key tools for password security, a failure to implement these solutions could result in disastrous consequences.

For example, companies failed to deprovision ex-employees fast enough, thus opening themselves up to data breaches. In fact, 21.7% of US companies and 19.3% of UK enterprises took up to a month to deprovision departing employees.

With this in mind, a lack of modern tools is evidently putting companies at a constant risk of cyberattack. In order to enlighten insecure organisations, OneLogin has produced another whitepaper detailing the methods required to tackle these security issues.

How can businesses stay ahead of the increasingly complex cyber threat landscape? Listen to the latest episode of our Cybersecurity Responding to Demand podcast to find out