While MFA use is soaring, it is still an exception in larger companies, where password sharing is rife
A survey by password manager LastPass of more than 3,000 companies and their enterprise password security reveals that multi-factor authentication (MFA) use has nearly doubled in a year.
Yet the larger companies get, the poorer their password hygiene is, with the health, insurance and government sectors all performing particularly poorly in terms of MFA use, LastPass found.
According to the company’s 2018 Global Password Security Report, organisations with 25 or fewer employees had the highest security score.
The score – which takes into account factors such as the number of duplicate passwords, the number of weak passwords, and the strength of shared passwords – worsens as company size increases, the survey found.
“Once a company hits 500 employees, the average security score holds steady at 46,” the LastPass survey reads. “It seems that organisations of over 500 people, whether 1,000 or 10,000, face similar challenges in improving password hygiene.
“In larger organisations, it’s simply more challenging for IT to hold all employees to password security standards. However, large businesses shouldn’t let those challenges become excuses… size is merely a factor IT professionals need to account for.”
The report said that companies rolling out a password manager gain, on average, nearly 15 security score points in the first year of doing so.
Some 45 percent of the businesses surveyed are using multi-factor authentication, meanwhile, up from 24.5 percent last year.
Multi-Factor Authentication: 5 Percent of Companies That Have 500-1,000 Employees Bother
Again, larger companies were found to be less likely to use multi-factor authentication. Those with between 501 and 1,000 employees had a multi-factor authentication usage rate of 5 percent. For companies with employees numbering 10,001 and over, this was even worse, at 3 percent.
In comparison, multi-factor authentication usage was found to be at 41 percent for companies with 25 or fewer employees.
Amazingly, the LastPass survey said that “any given employee” now shares about six passwords with co-workers, up from last year’s four.
Employees were also found to mix their choice of passwords for work and pleasure. Fifty percent of employees across the survey were found not to bother creating different passwords for personal and work accounts.
Across the different industries, technology companies that need to comply with privacy and data laws were found to lead the pack, with an average score of 53 – the highest average score for an industry. The top security score for technology was 97, meanwhile, joint highest with banking.
“Solving the password problem improves security, productivity, brand perception, employee satisfaction, and even your customer experience,” the LastPass survey concludes. “The organisations that can rapidly and effectively address their password challenges are well positioned to safely navigate their business into the future.”
SplashData’s annual report of the 100 worst passwords was topped by “12345”, followed by “password”, “12345678”, and “qwerty”. Also in the top 20 were “starwars”, “letmein”, and “admin”.
As biometrics, multi-factor authentication, and password managers become more advanced, consumers are moving beyond password-only approaches, according to an IBM blog earlier this year.
These approaches could also include blockchain, says Microsoft.