1Password released new research concerning the dangers of “Shadow IT” in enterprises of all sizes. In a blog post from the solution provider, it defines Shadow IT as the accounts employees create without security authorization or awareness. As these accounts open without proper monitoring, they open the enterprise network to identity-based attacks.
1Password offers a password manager service combined with single sign-on capabilities. In addition, it secures logins and private documents and enables single touch form-filling. It can function across all devices, browsers, and operating systems via device syncing. Further, 1Password provides password breach monitoring and checks for weak, compromised, or duplicated credentials.
According to the blog post, 63 percent of surveyed enterprise professionals created at least one account without involving their IT team. Moreover, 51 percent created between two and five accounts of which the IT department doesn’t know. Around one-third of professionals reuse memorable passwords for new accounts (a proven identity security risk). Nearly half use a pattern of similar passwords, while 37 percent shared an account with a colleague.
Additionally, 1Password notes that when employees do share their credentials, they use notoriously unsecure communication methods. These include email, instant messenger, password manager, spreadsheet, or verbal communication. Only around 14 percent use a password generator.
In the blog post sharing the findings, Jeff Shiner explores the dangers of Shadow IT. “But when employees use services without the authorization of the IT team, it brings risks…Without thinking about it, they’re sharing a lot of important data with external companies that IT doesn’t even know about.”
“If one of these services suffers a breach, the company won’t know it affects them, which leaves them powerless to secure their data after the event. It also means they’ll be unable to disclose it to their customers. This could leave any company facing costly fines and a huge loss of trust in its operations.”
Learn more about 1Password here
- Identity Management Lessons from the UC San Diego Health Attack - July 28, 2021
- The Biggest IAM News Items During the First Half of 2021 - July 27, 2021
- When is it Time to Replace Your Homegrown Identity Management? - July 26, 2021