What We Know About Global Password Security

Password Security

Each year, LastPass conducts a survey that examines the state of global password security. In 2018, the company polled 43,000 businesses across the globe to check in on the health of organizations based on their password creation policies. The study considered the following:

  • The number of duplicate passwords
  • The number of sites marked “vulnerable” (due to publicly disclosed data breaches)
  • The number of weak passwords
  • The average strength of each password
  • The strength of shared passwords
  • The multifactor authentication score

Each company polled was given a score on a scale of 0-100, with 100 the highest possible rating, though no organization came close. As it turns out, the average password security score of organizations was only 52 out of 100, which would be considered a failing grade according to standardized testing scores.

Password Protection by the Numbers

The report also found that the bigger the company, the lower the average security score — organizations with 25 or fewer employees have the highest average security score (50). Once a company hits 500 employees, the average score drops to 46.

Additionally, where a company is located has a bearing on its password protection. The most secure country, Germany, earns a score of 56, with France and the United Kingdom close behind, both with scores of 52. The United States lags behind with a score of 49.

Security by Industry

This may not come as a surprise, but the industry that leads the pack when it comes to password creation and strength is the technology sector, which scored 53. The next most secure industry was the not-for-profit sector, earning a score of 50.

Surprisingly, heavily regulated industries that also store vast amounts of sensitive data did not achieve comparable (or even superior) security scores. These include:

  • Banking
  • Health
  • Insurance
  • Government

Best Practices for Password Protection

The average company that does not invest in password protection scored around 26, but in the first year of investing in new policies and procedures, the average business adds an impressive 15 points to its score.

How do they make the jump? By implementing steps like the following:

Set clear password policies

The importance of a strong password policy may seem obvious, but many organizations haven’t created a formal procedure each employee must adhere to. Read our blog post “5 tips for creating a stronger password policy at your organization” to learn specific policies you can implement at your company for improved password protection.

Always insist on two-step authentication

The extra layer of security is the first line of defense when it comes to preventing unauthorized account access. Two-step authentication means that even if a hacker can guess an employee’s password, they will also need to know personal identifying information before accessing the account.

Discover safer ways to share files and information

LastPass’ study also revealed that an average employee shares six passwords with coworkers so they can get their work done. Password sharing creates potential backdoors into the business and leaves valuable information vulnerable. Not to mention, 50% of people do not create different passwords for personal and work accounts, exposing themselves to greater harm. Provide your employees with a safer option for sharing.

Don’t rely on password managers

Standard password managers keep all of your passwords in the cloud, on a PC or on a USB drive. Therein lies the problem. Servers and clouds can also be hacked, which makes them less secure than one might think.

Rather than storing the passwords, EZPD creates passwords that are unique to each user and regenerates them on demand. This makes them nearly impossible to compromise.

Sign up for free use of EZPD today.

