Business data is being put at risk because employees’ passwords are not effectively managed, according to a company offering Unified Access Management and password reset products. Despite 98pc of IT decision makers having company guidelines in place around password complexity, and 95pc feeling their password protection measures and guidelines provide adequate protection for their business, there is still a lot of work to be done, says OneLogin.
Two-thirds (66pc) don’t check passwords against common password lists and more than three-quarters (78pc) don’t check employee passwords against password complexity algorithms. This poor password hygiene is leaving UK businesses vulnerable to cyber-attacks.
For the study, released for World Password Day, the product firm surveyed 300 IT decision makers across the UK on their attitudes towards password hygiene and the emphasis placed upon internal policies to protect business networks. The study found differences between the policies meant to protect business networks and how those attitudes translated through to employee password requirements.
Thomas Pedersen, OneLogin’s chief technology officer and founder, said: “This report should be a reminder to every business leader in the UK to carefully review their password management. Cybercriminals thrive on companies overlooking fundamental security requirements, which becomes an open invitation for any hacker on the hunt for easy passwords.”
While a majority of respondents said that they practise good password hygiene, many indicated that the fundamentals are often lacking:
– Fewer than 19pc (18.7pc) check passwords against rainbow tables;
– Over half (51pc) don’t require special characters; and
– Just under half (47pc) don’t require numbers, and 37pc don’t require upper and lower case.
As for password hygiene, mandatory requirements for internal corporate applications are also lacking:
– Only 53pc require single sign-on (SSO) integration;
– Only 35pc have implemented password complexity policies; and
– 70pc have not implemented password rotation policies.