New research shows how IT is lax on basic password protection policies

If you’re not enforcing strong passwords for your employees, you could be at risk of a breach that costs well into seven figures to remediate. Yet according to new data from OneLogin, a quarter of companies surveyed don’t even require user passwords to meet a minimum length.

The study, which polled more than 500 US-based executives with influence over their firm’s security systems, also found that only a minority require users to rotate their passwords monthly (24%) or check passwords against common password lists (41%). Just over half (54%) say they require users to change their passwords monthly.

What’s more, IT believes it is doing a decent job at password protection, which only exacerbates the situation. 93% of respondents do have guidelines around password complexity, with a similar number (87%) saying this is sufficient protection for their organisation. Yet only half (49%) require their internal users to follow a basic password complexity policy.

Only 42% of organisations say they use single sign-on (SSO) to manage employee access to corporate applications, with one in three (34%) saying they use SSO to manage external access to company apps. Similar numbers use multi-factor authentication for internal use (36%) and to manage external access (34%).

“Passwords alone are not enough to secure your company,” said Alvaro Hoyos, OneLogin chief information security officer, in a statement. “Companies need to be more forward-thinking when it comes to identity and access management by enforcing strong passwords and using modern multi-factor authentication.”
