Password madness. Companies are aware of user’s password problems, but are not doing enough to solve them
Passwords for the majority of staff are a daily bane that can affect their productivity, but IT management is doing little to help matters.
Indeed, the study found that 62 percent of IT executives rely exclusively on employee education to enforce strong passwords, and 63 percent of IT execs have no technology in place to guard against unnecessary password sharing.
The survey into enterprise password practices saw Ovum survey 355 IT executives and 550 corporate employees around the world.
On the staff side the study found that more than three-quarters (76 percent) of European employees admit that passwords regularly impact their productivity.
And nearly three-quarters said they would want to use a tool to help store and access passwords without needing to remember each one if their company offered a solution.
This lack of single sign-on (SSO) in many organisations is exacerbating password usage problems, the study found.
And unfortunately many firms are still utilising outdated manual processes, as IT executives at four in ten companies still rely on entirely manual processes to manage user passwords for cloud applications.
Read More: The History of the password
“This research has clearly identified there is an urgent need to close the password security gap,” said Andrew Kellett, Principal Analyst, Infrastructure Solutions at Ovum. “Far too many organisations are leaving the responsibility for password management to their employees and don’t have the automated password management technology in place to identify when things are going wrong.”
“In many cases, an organisation’s password management practices are overly reliant on manual processes and far too often place an excessive level of trust in employees to use safe password practices”, said Matt Kaplan, GM of LastPass.
“The threat posed by human behaviour coupled with the absence of technology to underpin policy is leaving companies unnecessarily at risk from weak or shared passwords,” said Kaplan. “Organisations need to focus on solving for both obstacles in order to significantly improve their overall security.”
The Ovum study recommends that as most European companies are aware they lack visibility and control of employee access for SaaS applications, they should take action to ensure that cloud password management is strengthened.
Another recommendation is that employee education programs continue, but management should rely on these programs to keep their systems secure. It recommends that effective password management tools are put in place to ensure compliant with company password policies.
And finally the study recommends that organisations adopt a password management tool to help staff and improve security.