New LastPass Research Finds Password Habits Remain Key Obstacle to Business’ Security
October 08 2019 - 9:00AM
LastPass by LogMeIn today released the results of their 3rd Annual
Global Password Security Report, a study that offers insights into
employee password behaviors as well as emerging trends around
identity and access management at businesses worldwide.
Among the key findings from this year’s report is that while
more businesses are investing in security measures like multifactor
authentication (MFA), employees still have poor password habits
that weaken companies’ overall security posture. Given that stolen
and reused credentials are linked to 80 percent of hacking-related
breaches, businesses must take more action to improve password and
access security to make a big impact on risk reduction.
“Securing employee access has never been more important and
unfortunately, we see businesses ignore password security
altogether, or only half-heartedly attempt to address it,” said
Gerald Beuchelt, Chief Information Security Officer at LogMeIn.
“This report further highlights the importance of using the
identity and access management tools available to information
security managers in addition to maintaining focus on employee
training to improve password habits.”
Additional key findings from the report include:
- The Password Struggle is Real, Especially for Employees
at Small Businesses: Password sharing and reuse remains a
common practice in most businesses, with employees reusing one
password an average of 13 times. Our data shows that employees at
businesses with fewer than 1,000 employees reuse 10-14 passwords
compared to four reused passwords among employees at larger
organizations. An overwhelming number of passwords leads to poor
password hygiene when there’s no technology in place to help. Our
data shows employees at larger companies have an average of 25
passwords to manage compared to 85 passwords for those at small
businesses. Due to greater availability of resources and awareness of
regulations, larger businesses may be more likely to have Single
Sign-On solutions in place that enable employees to access more
apps with fewer passwords. However, less than 50 percent of all
businesses have a Single Sign-On (SSO) solution that could make it
easier for employees to manage passwords.
- Multifactor Authentication Usage is on the Rise, But
Small Business Lags: More than half of businesses globally
(57 percent) now have employees using multifactor authentication
(MFA), up 12 percentage points from last year’s report. As
multifactor authentication options continue to improve in usability
and support for a wide range of use cases, we continue to see usage
increase. Unsurprisingly, employees at larger organizations have
the highest usage – 87 percent – which drops nearly in half (to 44
percent) at organizations with approximately 500-1,000 employees,
and less than a third (27 percent) at the smallest businesses.
Given the competing priorities of IT staff at smaller businesses,
it’s understandable that MFA may not be a priority. However, given
the number of affordable, user-friendly options available, every
business should be able to find an MFA solution that meets their
needs.
- Industry Differences: Media/Advertising are Inundated
with Passwords: In terms of industry, media/advertising
agency employees have the most passwords to manage (97), whereas
government employees have the least (54). It’s no surprise that
employees in the media and advertising sector also have the
highest rate of password reuse – 22 – compared to just nine in the
nonprofit and retail sectors. No amount of password reuse is safe,
but some sectors have a lot more work to do. When it comes to MFA,
industries with the most sensitive customer data, like insurance
and legal, are the least likely to have employees using MFA (20
percent usage for each compared to the high of 37 percent in the
technology and software industries).
- Password Manager Adoption via Mobile
Increases: For the first time, this report looks at how
employees use their password manager via the LastPass app on mobile
devices. Globally, 23 percent of employees are accessing password
vaults on their smartphone, and that number is likely to grow as
mobile platform integrations improve. After the iOS 12 launch, for
example, employees used LastPass on their mobile device 50 percent
more frequently than prior to the launch. Further, user retention
is approximately 30 percent higher on average when mobile usage is
incorporated into an employee’s onboarding experience. It’s clear
that when it’s convenient for employees to access and use password
managers from their smartphone or other device of their choice,
they’re more likely to use it.
- Increased international regulation spurs action in EMEA
and APAC: As global threats rise, and concerns grow about
the privacy of personal information, governments and industries are
enacting more regulations, directives and guidelines in order to
help protect the digital economy. GDPR may contribute to significant
growth in adoption of MFA in countries like Denmark (46 percent),
the Netherlands (41 percent), Switzerland (38 percent) and Germany
(32 percent). The NDB scheme may contribute to Australia’s
multifactor authentication usage growing from 6% to 29% in a
12-month period.
For more information and to read the full report, visit
https://www.lastpass.com/state-of-the-password/global-password-security-report-2019.
Additional Resources
- Full report
- Infographic & Blog
- About LastPass Identity
Report Methodology
LastPass anonymized and
aggregated data from more than 47,000 organizations who use
LastPass as their business password manager. As in previous years,
the report represents organizations of all types and sizes across
nearly every industry, as well as from a variety of regions. The
data set has also grown since last year’s report, as more
organizations begin using LastPass as their business password
manager. Though the data only reflects LastPass users, we’ve
broadened our conclusions for the business IT community at
large.
About LastPass
For more than 58,000 businesses
of all sizes, LastPass reduces friction for employees while
increasing control and visibility for IT with an access
solution that’s easy to manage and effortless to use. From single
sign-on and password management to adaptive authentication,
LastPass gives superior control to IT and frictionless access to
users. For more information, visit https://lastpass.com.
LastPass is a trademark of LogMeIn in the U.S. and other
countries.
About LogMeIn, Inc.
LogMeIn, Inc. (NASDAQ:
LOGM) simplifies how people connect with each other and the world
around them to drive meaningful interactions, deepen relationships,
and create better outcomes for individuals and businesses. One of
the world’s top 10 public SaaS companies, and a market leader in
unified communications and collaboration, identity and access
management, and customer engagement and support solutions, LogMeIn
has millions of customers spanning virtually every country across
the globe. LogMeIn is headquartered in Boston, Massachusetts with
additional locations in North America, South America, Europe, Asia
and Australia.
Media Contact: Lauren Christopherson
press@lastpass.com 617-279-2443