Passwords remain top (and only) security measure for many companies

Two-step verification is still not mainstream, as a third of companies with more than a thousand employees have admitted that they still use password only access, a new research has shown.

A study by access control innovator, SecureAuth, shows that despite much debate, the password isn’t dead yet as two in five IT decision makers (ITDMs) admit that passwords are their only IT security measure.

The research, conducted by Opinium for SecureAuth, studied the approach businesses have to their IT security. The research covered 500 IT decision makers in organisations in the UK with 50 or more employees. Fieldwork was undertaken between 20 February and 4 March 2015 and the survey was carried out online.

Results show that, besides the third of companies using password-only security, one in five respondents said they ‘don’t know’ how many IT security policies their company currently has.

The entertainment, hospitality and leisure industry is taking the most risks with its data as two thirds (65 per cent) of respondents from this sector admit their organisations only use passwords as a security method.

Additionally, almost half (45 per cent) of ITDMs from public sector organisations revealed they also only use passwords.

Yet the majority of ITDMs (63 per cent) believe passwords are enough to keep their data safe.

“It’s extremely concerning just how many businesses still use passwords as their only method of protection against malicious hackers and the false confidence they seem to have in their current security systems is only further cause for concern,” commented Nick Mansour, Executive Vice President of Worldwide Sales at SecureAuth.

“Over the last 12 months, there have been an incredible number of data breaches occurring where lax access controls and the theft of credentials have played a key part in the loss of sensitive data. These organisations who are continuing to blindly use passwords alone to secure their corporate networks need to wake up to the fact that there are a number of inherent risks that come with relying on using passwords to protect valuable data.

"Organisations of all sizes, from all sectors, should be doing more to address these issues,” said Mansour.