Passwords are fundamental to modern life, both at home and at work. In the workplace, the security of passwords is paramount, and ensuring that employees are taking matters seriously is an important part of safeguarding any business.
A new report by LastPass, The Password Exposé, reveals the threats posed, and the opportunities presented, by employee passwords. The report starts by pointing out that while nearly everyone (91 percent) knows that it is dangerous to reuse passwords, and 81 percent of data breaches are attributable to “weak, reused, or stolen passwords”, more than half (61 percent) do reuse passwords. But the real purpose of the report is to “reveal the true gap between what IT thinks, and what’s really happening.”
LastPass has used anonymized, aggregated data from businesses using its software; put together, this shows “the true state of password security.” Jumping straight into the numbers, the report says that even in a 250-employee company, there is an average of 53,250 passwords in use, a near-impossible number to keep track of and to know the strength of. LastPass found that people have nearly 200 passwords to remember, so it’s little wonder that password reuse is an issue.
While passwords are key to security, they also interrupt workflow. With so many apps, services and websites requiring users to log in, LastPass estimates that around 36 minutes a month is wasted typing out login credentials. The report also highlights a serious problem, password sharing:
On average, an employee shares about 30 items with others, according to our data. Common security advice is to keep your passwords private — and for good reason. The fewer people who know a password, the less likely it will fall into the wrong hands. In the workplace, though, sharing of credentials and other sensitive data is also an essential part of getting the job done.
From branded social media accounts managed by marketing to server configurations managed by IT, employees from all departments need to share passwords. Passwords also need to frequently be shared with vendors, partners, clients, and others.
Since sharing is an expected behavior, the key becomes ensuring each of those passwords is unique, and rotating after shared access is no longer needed — especially when an employee leaves the organization.
A worrying finding of the report is that many employees are using social media credentials to log into business systems and accounts — something which is clearly undesirable. LastPass says that companies need to implement a better framework for passwords, promoting Single Sign-On and multi-factor authentication to not only improve security, but also make life easier for employees.