New research shows how IT is lax on basic password protection policies
If you’re not enforcing strong passwords for your employees, you could be at risk of a breach that costs well into seven figures to remediate. Yet according to new data from OneLogin, a quarter of companies surveyed don’t even require user passwords to meet a minimum length.
The study, which polled more than 500 US-based executives with influence over their firm’s security systems, also found that a minority require users to rotate their passwords monthly (24%) or check passwords against common password lists (41%). Just over half (54%) say they require users to change their passwords monthly.
What’s more, IT believes it is doing a decent job at password protection, which only exacerbates the situation. 93% of respondents do have guidelines around password complexity with a similar number (87%) saying this is sufficient protection for their organisation. Yet only half (49%) require their internal users to follow basic password complexity policy.
Only 42% of organisations say they use single sign-on (SSO) to manage employee access to corporate applications, with one in three (34%) saying they use SSO to manage external access to company apps. Similar numbers use multi-factor authentication for internal use (36%) and to manage external access (34%).
“Passwords alone are not enough to secure your company,” said Alvaro Hoyos, OneLogin chief information security officer, in a statement. “Companies need to be more forward-thinking when it comes to identity and access management by enforcing strong passwords and using modern multi-factor authentication.”