The IT industry continues to hammer home the idea that identity security and password hygiene are often the first lines of defense when it comes to cyberattacks, yet organizations continue to engage in poor practices and have trouble balancing security requirements and user experiences.
Just recently, we have covered several studies from IT companies about the importance of securing end users’ credentials. One such study from Specops found that malicious cyber actors are adapting to password security trends by using complex passwords in brute force and spraying attacks. Another study, this one from NordPass, reveals that a significant number of companies still have users who keep track of passwords in plain text documents that are not password protected. This is happening even as the number of exposed credentials increased last year by 15%.
The state of the IT industry is not helping, as more and more cloud apps are designed to help organizations shift to an increasingly digital environment defined by remote and hybrid work models. Along with those apps comes another set of credentials that IT has to manage.
According to a recent IDC study sponsored by LastPass, the sheer volume of passwords used in the enterprise is the number one identity challenge. That issue rises above other pain points, such as user access, authentication controls, and dealing with legacy systems.
“This really speaks to the prevalence and just how pervasive password problems really are in organizations,” says Katie Petrillo, director of product marketing at LastPass.
According to one 2021 LastPass study, workers have to remember between 50 and 120 passwords, which can lead to poor password security practices and compromise of accounts. Further, LastPass says 65% of people almost always reuse the same password or a variation, and 45% didn’t change their password even after a breach occurred.
“These are not new challenges,” Petrillo says. “They are very much heightened by the pandemic and remote work and the rise of cyberattacks that we have been seeing over the last couple of years.”
According to the LastPass/IDC study, balancing security requirements and user experience is the top identity challenge (38%), followed by employees struggling with too many passwords (32%).
At large organizations, the number of passwords is a key challenge for 36%, while 40% of the public sector says the same.
While much of the focus when it comes to credential security has been on tools such as single sign-on or multifactor authentication, a password management solution has been deployed at 45% of organizations according to the LastPass/IDC study.
The COVID-19 pandemic and the resulting exodus out of the office to remote work environments brought about an urgency for solving some password security issues, but what was lacking was a solution to the dozens of passwords workers must remember, Petrillo says.
“I think some of this is due to like the disparate nature of remote work, but also how traditional identity and access management (IAM) solutions are not really built to solve for passwords in this remote environment,” Petrillo says. “Because you have employees that are working all over the world and they’re no longer mostly confined to like an office network and an office security perimeter, which is what a lot of the traditional IAM tools are meant to solve for.”
Employees are now demanding a seamless work experience without getting bogged down in security protocols, with the study finding that one in three global organizations are struggling to balance user experience, productivity and security.
“We’re sort of at the mercy of our employees and what they are doing in their homes or at the Airbnb they’re working from that week,” Petrillo says. “They need to do their jobs and get access, but they need to do so in a way that is simple for them and gives them peace of mind and security.”