Our regular readers may notice a pattern emerging on our identity and access management site; namely, we tend to focus in on password security and password vulnerabilities.
We assure you, we do so deliberately. Password vulnerabilities may constitute the single greatest threat to your business’ identity security and your digital security overall. Passwords serve as the number one connection your employees have to your identity policies and to their own online identities. Hackers desire little else than to steal passwords for their own gain, as entry ways into the network and as tools for their evasion tactics.
Moreover, few threats remain as underestimated as password vulnerabilities. Reused or weak passwords can open the door to external threat actors many times over. Unless your enterprise invests in an identity and access management solution with a strong password management component or with a multifactor authentication protocol, your security stays fragile.
To hammer home this point, we’ve compiled some research on password vulnerabilities. Here they are, by the numbers:
By the Numbers: Enterprise Password Vulnerabilities
Some numbers outline the extent and the depth of the issue at hand:
- Over the past two years, enterprise data breaches have increased 75% according to “A New Approach To Passwords Security” by Julia O’Toole of Mycena.
- 81% of breaches stem from weak, stolen, or reused passwords, according to Verizon.
- Nearly 10% of users selected at least one of the 25 worst passwords for one of their accounts, according to SplashData.
- 3% used “123456,” the password ranked the #1 worst, as at least one of their passwords, according to SplashData in 2017.
- In 2018, “123456” remains the #1 worst password still in use.
- 59% of users repeat their stolen passwords, according to Rachael Stockton of LogMeIn.
Why Do Password Vulnerabilities Persist?
Their ubiquity poses an inherent issue for passwords; with few meaningful alternatives apart from two-factor and multifactor authentication (which enterprises have adopted at a painfully slow rate) passwords embody a particular old phrase: “I know it’s rigged, but it’s the only game in town.”
- According to Julia O’Toole of Mycena, users need to remember between 80 and 90+ passwords.
- Other studies, including by Dashlane, place the number of passwords required for daily life at 150 or more.
- Dashlane expects the number of passwords to double to 300 by 2022.
- 86% of users keep track of their passwords by memorizing them, according to a Pew Research Center study in 2017.
- 39% of users find it challenging to keep up with their passwords as is.
- 32% of American adults favor biometrics over passwords, according to Callsign.
- 58% of American workers prefer passwords over biometrics in the workplace.
What Can My Enterprise Do?
To reduce the risk of password vulnerabilities, you should deploy a next-gen identity and access management solution. Ideally the solution you select should offer password management and multifactor authentication capabilities. These will reduce the burden of passwords on your overall identity security and and help your business transition into the modern digital marketplace securely.
In conclusion, passwords are an enduring relic of the past, for good or ill. Don’t let them dictate your future.
Latest posts by Ben Canner (see all)
- Key Findings: The Gartner 2019 Critical Capabilities for Identity Governance and Administration - November 13, 2019
- 60 Percent of Enterprises Misunderstand Cloud Security Responsibility Sharing - November 12, 2019
- 5 Identity Management Insight Videos for 2019 (and 2020) - November 11, 2019