New research suggests that strong passwords remain a cybersecurity priority, but the adoption of strong password policies continues to fall short.
According to the research from password management company Bitwarden, nearly enterprise IT decision makers are familiar with one-time passwords, email or SMS verification codes, biometrics and other passwordless authenticators, but 55% of global organizations say passwords are ubiquitous and aren’t going away anytime soon.
Coupled with remote and hybrid work, this is leading to an increased adoption of password management technologies, with 57% of global organizations deploying password managers to end users. More than 90% of enterprise respondents are maintaining or increasing their password management budgets, and about half of enterprises say end users should have access to password management tools for both the office and at home.
The survey also revealed that the most common password management requirement is a minimum password length.
About half of global respondents view third party contractors and consultants a high security risks but just 34% have deployed password managers to those third parties despite that perceived riskiness.
Those third parties, along with remote workers, are the highest risk group, but the least likely to be given password management tools, according to the research.
Bitwarden’s research also discovered that most organizations are still taking a reactive approach to cybersecurity, with about 60% saying recent security breaches make them more likely to deploy better password management tools.
“Enterprises have always been at a heightened risk for security incidents,” said Bitwarden CEO Michael Crandell, in a statement. “The majority store some combination of sensitive personal information, intellectual property, and financial information. This type of data is valuable to cybercriminals, who are aware that most employees don’t always use strong and unique passwords. Add in the remote work factor, and you’ve laid the groundwork for a password security perfect storm.”
Crandell, citing U.S. data from the study, said over one-third of respondents experienced a security incident caused by poor password management.
“While that may not seem high at first glance, it is a strikingly large percentage considering how destructive data leaks can be from a reputational, logistical and financial standpoint,” Crandell said. “Fortunately, this is a solvable problem. Over two-thirds (71%) of U.S. respondents said employees would adopt better password practices if their companies provided them appropriate tools. For enterprises, this should be a no-brainer, as strong password management is proven to mitigate risk.”