1Password Study Reveals the Dangers of Shadow IT Account Creation

1Password Study Reveals the Dangers of Shadow IT Account Creation

1Password released new research concerning the dangers of “Shadow IT” in enterprises of all sizes. In a blog post from the solution provider, it defines Shadow IT as the accounts employees create without security authorization or awareness. As these accounts open without proper monitoring, they open the enterprise network to identity-based attacks. 

Learn more and compare products with the Solutions Review Identity Management Buyer’s Guide

1Password offers a password manager service combined with single sign-on capabilities. In addition, it secures logins and private documents and enables single touch form-filling. It can function across all devices, browsers, and operating systems via device syncing. Further, 1Password provides password breach monitoring and checks for weak, compromised, or duplicated credentials.

According to the blog post, 63 percent of surveyed enterprise professionals created at least one account without involving their IT team. Moreover, 51 percent created between two and five accounts of which the IT department doesn’t know. Around one-third of professionals reuse memorable passwords for new accounts (a proven identity security risk). Nearly half use a pattern of similar passwords, while 37 percent shared an account with a colleague.

Additionally, 1Password notes that when employees do share their credentials, they use notoriously unsecure communication methods. These include email, instant messenger, password manager, spreadsheet, or verbal communication. Only around 14 percent use a password generator.

In the blog post sharing the findings, Jeff Shiner explores the dangers of Shadow IT. “But when employees use services without the authorization of the IT team, it brings risks…Without thinking about it, they’re sharing a lot of important data with external companies that IT doesn’t even know about.” 

“If one of these services suffers a breach, the company won’t know it affects them, which leaves them powerless to secure their data after the event. It also means they’ll be unable to disclose it to their customers. This could leave any company facing costly fines and a huge loss of trust in its operations.”

Learn more about 1Password here

Ben Canner