US companies waste over two months a year resetting passwords
To mark today's World Password Day, access and identity management company OneLogin has released a report that shows IT professionals at US companies waste 2.5 months a year resetting internal passwords.
It also finds that almost half of US businesses (44 percent) take up to a month or more to deprovision ex-employees, while 28 percent take a full working week.
OneLogin surveyed 300 IT decision makers across the US to discover their attitudes towards password hygiene. Nearly two-thirds (65 percent) of respondents don't check employee passwords against common password lists and more than three-quarters (76 percent) don't check employee passwords against password complexity algorithms. This leaves US businesses vulnerable to cyber attacks.
"This report should be a reminder to every business leader to carefully review their password practices," says Thomas Pedersen, OneLogin's chief technology officer and founder. "Cybercriminals thrive on companies overlooking fundamental security requirements, which becomes an open invitation for any hacker on the hunt for easy passwords."
When it comes to password strength, 63 percent don't require special characters and 65 percent don't enforce a minimum password length. More than one in four corporate passwords don't require numbers (71 percent) and upper or lower case differentiators (72 percent). 63 percent have not implemented password rotation policies.
"Companies need to adopt a security-first approach with simple identity and access management features, such as OneLogin, to eliminate passwords via SSO and protect access via MFA," adds Pedersen.
The full report is available from the OneLogin site.