Weak password policies may be putting your organization at risk for data breaches, according to a new survey from security firm OneLogin.
While 93% of IT decision-makers said their company has guidelines in place around password complexity, these rules varied greatly, the survey found: Only 24% of companies require employees to rotate passwords on a monthly basis, while 53% said they require passwords to be changed quarterly.
Password requirements also differ company by company: Some 25% don't require user passwords to meet a minimum length, and 41% check employee passwords against common password lists.
Only 30% of companies, on average, enforce mandatory authentication requirements for internal corporate applications, the report found. Some 43% use Single Sign-on (SSO) integration, while 36% use multi-factor authentication, and 32% use password hashing.
Despite these findings, 87% of IT decision-makers said they believed their password guidelines offer sufficient protection for their organization.
OneLogin surveyed 567 US IT decision-makers for this most recent report. A previous survey from OneLogin found that ex-employees were also a major security threat, with 20% of organizations reporting that they experienced data breaches by ex-employees who still had access to corporate accounts and applications.
With the General Data Protection Regulation (GDPR) coming into effect in Europe in May 2018, not adequately protecting your organization from breaches could lead to penalties as high as 4% of annual revenue, the survey noted.
"Passwords alone are not enough to secure your company," said Alvaro Hoyos, CISO at OneLogin, in a press release. "Companies need to be more forward-thinking when it comes to identity and access management."
Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.
- 93% of IT decision-makers said their company has guidelines in place around password complexity. -OneLogin, 2017
- Some 24% of companies require employees to rotate passwords on a monthly basis, while 53% said they require passwords to be changed quarterly. -OneLogin, 2017
- 87% of IT decision-makers said they believed their password guidelines offer sufficient protection for their organization. -OneLogin, 2017
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.