Each year, LastPass conducts a survey that examines the state of global password security. This year, the company polled 43,000 businesses across the globe to check in on the health of organizations based on their password creation policies. The study considered the following:
- The number of duplicate passwords
- The number of sites marked “vulnerable” (due to publicly disclosed data breaches)
- The number of weak passwords
- The average strength of each password
- The strength of shared passwords
- The multifactor authentication score
Each company polled was given a score on a scale of 0-100, though no organization came close to the maximum of 100. As it turns out, the average password security score of organizations was only 52 out of 100, which would be considered a failing grade by standardized testing scores.
Password Protection by the Numbers
The report also found that the bigger the company, the lower the average security score — organizations with 25 or fewer employees have the highest average security score (50). Once a company hits 500 employees, the average score drops to 46.
Additionally, where a company is located has a bearing on its password protection. The most secure country, Germany, earns a score of 56, with France and the United Kingdom close behind, both with scores of 52. The United States lags behind with a score of 49.
Security by Industry
This may not come as a surprise, but the industry that leads the pack when it comes to password creation and strength is the technology sector, which scored 53. The next most secure industry was the not-for-profit sector, earning a score of 50.
Surprisingly, heavily-regulated industries like:
Which also store vast amounts of sensitive data, did not achieve comparable (or even superior) security scores.
Best Practices for Password Protection
The average company that does not invest in password protection scored around 26, but upon the first year of investing in new policies and procedures, the average business adds an impressive 15 points to their score.
How do they make the jump? By implementing steps like the following:
Set clear password policies
The importance of a strong password policy may seem obvious, but many organizations haven’t created a formal procedure each employee must adhere to. Read our blog, 5 tips for creating a stronger password policy at your organization, to learn specific policies you can implement at your company for improved password protection.
Always insist on two-step authentication
The extra layer of security is the first line of defense when it comes to preventing unauthorized account access. Two-step authentication means that even if a hacker can guess an employee’s password, they will also need to know personal identifying information before accessing the account.
Discover safer ways to share files and information
LastPass’ study also revealed that an average employee shares six passwords with coworkers so they can get their work done. Password sharing creates potential backdoors into the business and leaves valuable information vulnerable. Not to mention, 50% of people do not create different passwords for personal and work accounts, exposing themselves to greater harm. Provide your employees with a safer option for sharing.
Don’t rely on password managers
Most password managers require a master password, which unlocks the vault in which all of your sensitive information is held. If a master password is compromised, so is the information the password manager protects. Password managers also rely on a cloud or a server to remember what passwords they have generated for their users. Therein lies the problem. Servers and clouds can also be hacked, which makes them less secure than one might think.
Rather than focusing on management of passwords, EZPD creates passwords that are unique to devices, making them nearly impossible to compromise.