Enterprises are failing to address poor password practices

Published on

Many enterprises are failing to practice proper password hygiene, according to a survey by Ponemon Institute. As a result, individuals and businesses are in "dire need of solutions that will offer both added security and convenience."

Growing security concerns

Ponemon Institute surveyed 1,761 IT and IT security practitioners in the United States, United Kingdom, Germany and France. Overall, 63% said that they have grown more concerned about the privacy and security of their personal data over the past two years.

59% of respondents reported being more concerned due to government surveillance. Meanwhile, 51% said their worries were due to the growing use of mobile devices and 40% said that connected devices were causing concern.

"The 2019 State of Password and Authentication Security Behaviours Report", sponsored by Yubico, also uncovered respondents attitudes towards their company concerns. 47% of respondents said that their companies were most concerned about protecting customer information, while 45% said that their companies prioritised protecting employee information.

Poor password practices

It is evident that cyberattacks are becoming more prominent in the enterprise. As a result, Forcepoint predicts that companies with poor cybersecurity hygiene could lose out on business this year.

Poor password and authentication practices create vulnerabilities, which lead to attacks such as phishing. In fact, over half of the respondents (51%) said that they have experienced a phishing attack in their personal life.

44% also said that they had experienced a phishing attack at work. Although phishing attacks occur on a regular basis, 57% of respondents had not changed their password behaviour following an attack.

Stronger authentication

Even when attacks occur, it is clear that many employees are failing to address their poor password habits. As a result, new technologies with stronger authentication could make passwords redundant in the enterprise.

Identity-management company Okta asserts that its system allows organisations to replace passwords with “stronger authentication” for employees, partners and customers. The “contextual access management” system has numerous features which make it more secure than password-protection.

“The best password is no password at all," according to Todd McKinnon, CEO and Co-Founder of Okta. "Today's threat actors are targeting the weakest point of your company's security – your people – and too many are successfully compromising employee accounts due to poor or stolen passwords," he warned.

What is the next big cybersecurity threat? David Atkinson, CEO of Senseon, looked into the oncoming concerns enterprises should have over cybersecurity threats 


Join 34,209 IT professionals who already have a head start

Network with the biggest names in IT and gain instant access to all of our exclusive content for free.

Get Started Now