Organizations rely heavily on employees to monitor password behavior, putting the company at risk and highlighting the gap between IT policy and human behavior, according to a new report from LastPass and Ovum.
Some 61% of IT executives rely exclusively on employee education to enforce strong passwords, according to a survey of 355 IT executives and 550 corporate employees across North America, Europe, and Asia-Pacific. And weak password systems put users and companies at risk: 76% of employees reported that they regularly have problems with password usage or management, the survey found.
These issues also lead to problems for IT, the survey found: More than a third of employees said they need password-related help desk support at least once every month.
The cloud has also posed new password and access complications, the report stated: 78% of IT leaders said they lack the ability to access and control Software as a Service (SaaS) apps used by their employees.
SEE: Password Management Policy (Tech Pro Research)
"This research has clearly identified an urgent need to close the password security gap," Andrew Kellett, principal analyst of infrastructure solutions at Ovum, said in a press release.
At four out of ten companies surveyed, IT leaders said they still rely on entirely manual processes to manage user passwords for cloud applications. Few companies offer protections against password sharing as well: 64% of IT leaders surveyed said they had no technology in place to defend against password sharing, while just 14% used automated control facilities to do so.
"In many cases, an organization's password management practices are overly reliant on manual processes and far too often place an excessive level of trust in employees to use safe password practices," Matt Kaplan, general manager of LastPass, said in the release. "The threat posed by human behavior coupled with the absence of technology to underpin policy is leaving companies unnecessarily at risk from weak or shared passwords. Organizations need to focus on solving for both obstacles in order to significantly improve their overall security."
To learn more about current password best practices for employees, click here.
Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.
- 61% of IT executives rely exclusively on employee education to enforce strong passwords. -LastPass and Ovum, 2017
- 76% of employees say they regularly have problems with password usage or management. -LastPass and Ovum, 2017
- 64% of IT leaders say they had no technology in place to defend against password sharing. -LastPass and Ovum, 2017
- How to make your employees care about cybersecurity: 10 tips (TechRepublic)
- On World Password Day, here are 4 tips to keep your online accounts secure (TechRepublic)
- Report: 19% of business passwords 'easily compromised' (TechRepublic)
- The dumbest passwords people still use (ZDNet)
- How to create stronger passwords by using data-driven feedback (TechRepublic)
- Unhackable: Personal Cyber Security Course (TechRepublic Academy)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.