Bigger isn't better when it comes to password security
A new study by LogMeIn, the company behind the LastPass password manager, shows that size matters in password security, but not in the way that you might think.
Looking at anonymized data from over 43,000 companies, the study produced a security score and a password strength score for each. Businesses with fewer than 25 employees had the highest average security score of 50, but the average drops as company size increases.
Having more employees means more passwords and unsanctioned apps, as well as extra opportunities for dangerous password behavior. In larger organizations, it's simply more challenging for IT to hold all employees to password security standards.
The highest average security score is in the technology industry (53), which is not surprising given the privacy and data laws with which most must comply. But other heavily regulated industries lag behind: banking has a score of 49, tied with health and government, and insurance is on 47.
On a positive note, multi-factor authentication is being more widely adopted and is now in use in 45 percent of businesses, up from 24.5 percent last year. Again, the tech sector leads the way with 31 percent adoption.
"Passwords continue to be a challenge to cybersecurity in the workplace, and attacks continue to grow in number and complexity every year. Despite these threats, businesses have struggled to quantify their own level of password risk," says Gerald Beuchelt, chief information security officer at LogMeIn. "This report offers fellow information security managers a tool to compare their own company’s password scores with a large sample of peers and competitors. In turn, security departments are now better equipped to identify the gaps in their security program and measure progress when investing in password security."
The full report is available from the LastPass website and there's a summary of the findings in the infographic below.