View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Hardware
October 1, 2018updated 02 Oct 2018 7:39am

LastPass Survey Reveals Smaller Companies Lead the Way in Password Security

While MFA use is soaring, it is still an exception in larger companies, where password sharing is rife

By jonathan chadwick

A survey of more than 3,000 companies and their enterprise password security by password manager LastPass reveals that multi-factor authentification (MFA) use has nearly doubled in a year.

Yet the larger companies get, the poorer their password hygiene is, with the health, insurance and government sectors all performing particularly poorly in terms of MFA use, LastPass found.

According to the company’s 2018 Global Password Security Report, organisations with 25 or fewer employees had the highest security score.

The score – which takes into account factors such as the number of duplicate passwords, the number of weak passwords, and the strength of shared passwords — worsens as company size increases, the survey found.

Read more: UK consumers trust biometrics over passwords

“Once a company hits 500 employees, the average security score holds steady at 46,” the LastPass survey reads. “It seems that organisations of over 500 people, whether 1,000 or 10,000, face similar challenges in improving password hygiene.

“In larger organisations, it’s simply more challenging for IT to hold all employees to password security standards. However, large businesses shouldn’t let those challenges become excuses…size is merely a factor IT professionals need to account for.”

The report said that companies rolling out a password manager gain, on average, nearly 15 security score points in the first year of doing so.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Some 45 percent of the businesses surveyed are using multi-factor authentication, meanwhile, up from 24.5 percent last year.

Multi-Factor Authentication: 5 Percent of Companies That Have 500-1,000 Employees Bother

Again, larger companies were found to be less likely to use multi-factor authentication. Those with between 501 and 1,000 employees had a multi-factor authentication usage rate of 5 percent. For companies with employees numbering 10,001 and over, this was even worse, at 3 percent.

In comparison, multi-factor authentication usage was found to be at 41 percent for companies with 25 or fewer employees.

Amazingly, the LastPass survey said that “any given employee” now shares about six passwords with co-workers, up from last year’s four.

LastPass survey

Employees were also found to mix their choice of passwords for work and pleasure. 50 percent of employees across the survey were found to not bother creating different passwords for personal and work accounts.

Across the different industries, technology companies that need to comply with privacy and data laws were found to lead the pack, with an average score of 53 – the highest average score for an industry. The top security score for technology was 97, meanwhile, joint highest with banking.

“Solving the password problem improves security, productivity, brand perception, employee satisfaction, and even your customer experience,” the LastPass survey concludes. “The organisations that can rapidly and effectively address their password challenges are well positioned to safely navigate their business into the future.”

SplashData’s annual report of the 100 worst passwords was topped by “12345”, followed by “password”, “12345678”, and “qwerty”. Also in the top 20 were “starwars”, “letmein”, and “admin”.

As biometrics, multi-factor authentication, and password managers become more advanced, consumers are moving beyond password-only approaches, according to an IBM blog earlier this year.

These approaches could also include blockchain, says Microsoft.

Read more: Is it Time to Send Passwords on Holiday?

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.