Despite the clear danger that passwords pose to organizations, more than half of IT executives in a recent survey said they rely solely on employees to monitor their own password behavior.
Yet employees are struggling with the task: The survey from LastPass and Ovum, which queried a few hundred IT executives and corporate employees in EMEA, revealed that 76% of employees regularly have problems with password usage or management, and nearly a third of users need help desk support at least once every month.
This onus on personal responsibility translates into companies wrestling with a lack of visibility and control. Yet the majority are not doing enough, if anything at all, to address the situation.
For instance, in terms of what organizations are doing to enforce strong passwords, 62% of IT executives rely exclusively on employee education. Employees are essentially on their own, with no technology in place to enforce any password strength requirement.
Also, outdated manual processes still prevail: IT executives at 4 in 10 companies still rely on entirely manual processes to manage user passwords for cloud applications. In fact, 75% of IT executives lack control over the cloud-based applications used by their employees, which leaves the company at risk and highlights the disconnect between IT policy and human behavior.
Defense against password sharing is far too weak as well. When asked how they guard against unnecessary password sharing, 63% of IT execs had no technology in place and only 14% had the automated control facilities in place to know when it is happening.
“This research has clearly identified [that] there is an urgent need to close the password security gap,” said Andrew Kellett, principal analyst for Infrastructure Solutions at Ovum. “Far too many organizations are leaving the responsibility for password management to their employees and don’t have the automated password management technology in place to identify when things are going wrong.”
Matt Kaplan, GM of LastPass, added: “In many cases, an organization’s password management practices are overly reliant on manual processes and far too often place an excessive level of trust in employees to use safe password practices. The threat posed by human behavior, coupled with the absence of technology to underpin policy, is leaving companies unnecessarily at risk from weak or shared passwords. Organizations need to focus on solving for both obstacles in order to significantly improve their overall security.”