Nearly two-thirds (65%) don’t check employee credentials against common password lists; poor password practices lead to identity chaos in some enterprises
SAN FRANCISCO, May 2, 2019 — In conjunction with World Password Day, OneLogin, a leading provider of simple password reset solutions, today announced new research indicating that IT leaders in the United States are putting business data at risk by not effectively managing employees’ passwords. Despite the fact that 91% report they have company guidelines in place around password complexity, and 92% believe their current password protection measures and guidelines provide adequate protection for their business, the results suggest there is still a lot of work to be done.
OneLogin surveyed 300 IT decision makers across the U.S. to discover their attitudes towards password hygiene. Respondents indicated that nearly two-thirds (65%) don’t check employee passwords against common password lists and more than three-quarters (76%) don’t check employee passwords against password complexity algorithms. This poor password hygiene is leaving U.S. businesses vulnerable to cyber-attacks.
“This report should be a reminder to every business leader in the U.S. to carefully review their password practices,” said Thomas Pedersen, OneLogin’s chief technology officer and founder. “Cybercriminals thrive on companies overlooking fundamental security requirements, which becomes an open invitation for any hacker on the hunt for easy passwords.”
Companies lack consistent password fundamentals
While the majority of respondents practice good password hygiene, many indicated that the fundamentals are often lacking:
- Fewer than 15% check passwords against rainbow tables.
- Around one third don’t require special characters (32%) or a minimum length (35%).
- More than one in four don’t require numbers (29%) or upper and lower case (28%).
- One-fifth of U.S. businesses rotate passwords less than twice per year.
Poor password hygiene leaves corporate applications vulnerable
Mandatory requirements for internal corporate applications are also concerning:
- Only 42% require single sign-on (SSO) integration.
- Only 39% have implemented password complexity policies.
- 63% have not implemented password rotation policies.
“Companies need to adopt a security-first approach with simple identity and access management features, such as OneLogin, to eliminate passwords via SSO and protect access via MFA,” added Pedersen.
About OneLogin, Inc.
OneLogin, the leader in Unified Access Management and simple password reset solutions, connects people with technology through a simple and secure login, empowering organizations to access the world™. The OneLogin Unified Access Management (UAM) platform is the key to unlocking the apps, devices and data that drive productivity and facilitate collaboration. OneLogin serves businesses and partners across a multitude of industries, with over 2,500 customers worldwide. We are headquartered in San Francisco, California. For more information, visit www.onelogin.com or the OneLogin blog, Facebook, Twitter or LinkedIn pages.