UK Orgs Lose 2.5 Months a Year on Poor Password Management
Businesses in the UK lose an average of two-and-a-half months per year in time spent dealing with poor password management, according to new research from OneLogin.
As detailed in its report Password Practices 2019, OneLogin surveyed 600 global IT professionals to gauge how companies are protecting passwords in terms of tools, guidelines and practices.
The key findings indicated that companies spend too much time resetting passwords that users have forgotten, believe they are dramatically safer than their password practices actually suggest and have failed to move quickly to adopt the tools that solve the password problem, like SSO, SAML, OAuth and MFA.
What's more, businesses are not heeding the latest password guidelines, Onelogin claimed, speci?cally regarding password rotation and checking passwords against lists of commonly-used passwords, compromised passwords and rainbow tables. Two thirds of those surveyed admitted they do not check passwords against common password lists and 78% do not check employee passwords against password complexity algorithms.
Thomas Pedersen, OneLogin’s chief technology officer and founder, said: “The benefits of innovative technology to facilitate modern business practices is clearly yet to be recognized by the average UK business overwhelmed by day-to-day password management processes. Trust must be built between businesses and B2B tech vendors, as a lot of businesses are stubbornly struggling in the dark and avoiding the topic of ‘digital transformation’ to free up employee and operational efficiencies.”
Pedersen urged businesses to streamline and simplify Identity and Access Management processes by implementing SSO and MFA tools.
“By doing so they will be freeing up skilled IT professionals to focus on tasks that drive greater business value and connect dispersed workforces. Organizations that don’t, may not survive the next two to five years. The quick adoption of automated tools is key to business survival.”
Source: Information Security Magazine