Skip to main content

Reusing passwords could be putting your business at risk of attack

(Image credit: Image source: Shutterstock/scyther5)

Most hacking incidents in the business world occur because of poor employee password hygiene, the third annual Global Password Security Report claims. Issued by password manager LastPass, the report claims that password sharing and reuse still plagues the business world by a large margin.

On average, employees reuse one password 13 times. There is a significant difference between smaller and larger organisations. The bigger the organisation, the fewer passwords its employees have to manage. Also, larger organisations are more inclined towards using modern security solutions, such as multifactor authentication tools.

Businesses with fewer than 1,000 employees reuse 10-14 passwords, while employees at larger corporations reuse four passwords.

When it comes to the amount of passwords employees need to manage, the private sector is having a tougher time, the report adds. Employees in the media and advertising industry have the most passwords to manage (97), while government employees have the least – 54.

However, businesses understand the risks with poor password management and are increasingly turning towards multifactor authentication (MFA) as a solution. More than half of businesses (57 per cent) globally now have employees using MFA, up 12 per cent compared to last year.

Employees at larger organisations have the highest usage, while employees at SMBs have the lowest. LastPass also says that more and more people are accessing password vaults on their mobile devices, which it says is due to various improvements on mobile platforms.

“Securing employee access has never been more important and unfortunately, we see businesses ignore password security altogether, or only half-heartedly attempt to address it,” said Gerald Beuchelt, Chief Information Security Officer at LogMeIn.

“This report further highlights the importance of using the identity and access management tools available to information security managers in addition to maintaining focus on employee training to improve password habits.”