New research shows how IT is lax on basic password protection policies
If you’re not enforcing strong passwords for your employees, you could be at risk of a breach that costs well into seven figures to remediate. Yet according to new data from OneLogin, a quarter of companies surveyed don’t even require user passwords to meet a minimum length requirement.
The study, which polled more than 500 US-based executives with influence over their firm’s security systems, also found that only a minority require users to rotate their passwords monthly (24%) or check them against common password lists (41%). Just over half (54%) say they require users to change their passwords monthly.
What’s more, IT believes it is doing a decent job at password protection, which only exacerbates the situation. 93% of respondents do have guidelines around password complexity, with a similar number (87%) saying this is sufficient protection for their organisation. Yet only half (49%) require their internal users to follow a basic password complexity policy.
Only 42% of organisations say they use single sign-on (SSO) to manage employee access to corporate applications, with one in three (34%) saying they use SSO to manage external access to company apps. Similar numbers use multi-factor authentication for internal use (36%) and to manage external access (34%).
“Passwords alone are not enough to secure your company,” said Alvaro Hoyos, OneLogin chief information security officer, in a statement. “Companies need to be more forward-thinking when it comes to identity and access management by enforcing strong passwords and using modern multi-factor authentication.”