Passwords are the most commonly used tool for security – and the worst. In a recent study, 42% of respondents said that their organization had been compromised because of a bad, stolen or cracked password. That means that every company must make a serious commitment to improve password security if they don’t want to join that group because more than 80% of data breaches in the last 12 months were caused by password compromise.
Every day, staffers are doing a variety of things that leave companies open to password-related disasters. In a study that spanned just three months (January to March 2020), Microsoft found that 44 million of its users had used the same password on more than one account – and that’s just the tip of the iceberg.
31% of respondents in a survey admitted that their organization had been breached as a result of user credentials being shared
42% of organizations rely on sticky notes for password management
91% of participants said that they understood the risk of password reuse but 59% admitted to doing it anyway
22% of employees surveyed have shared their email password for a streaming site
17 % of employees surveyed have shared their email password for a social media platform
17 % of employees surveyed have shared their email password for an online shopping account
43% of survey respondents have shared their password with someone
72 % of people reuse work passwords for their personal accounts
32 % admitted to using a list of work passwords written on paper or kept in a text document
35 % of respondents said that they use a different password for every account
Secure identity and access management is a top priority for CISOs worldwide because it’s crucial for preventing cybercrime. A great identity and password management tool is you should start with including multifactor authentication (MFA).
It’s a simple fact: user accounts are more than 99.9% less likely to be compromised if they’re protected with MFA. This single mitigation has become a requirement in many sectors and it’s a universally lauded best practice in every industry. It stops credential stuffing cold, and takes the sting out of a phished password, as well as preventing potentially unauthorized access by malicious insiders.
If you need to see any of these tools in action or want to consult with us, feel free to contact us.