Poor passwords putting many businesses at risk

Image Credit: Shutterstock (Image credit: Image Credit: Ai825 / Shutterstock)

New research from OneLogin has revealed that UK IT leaders are putting their business data at risk by not effectively managing employees' passwords.

In conjunction with World Password Day, the Unified Access Management firm surveyed 300 IT decision makers across the UK to uncover their attitudes towards password hygiene and the emphasis placed upon internal policies to protect business networks.

Despite the fact that 98 percent of IT decision makers have company guidelines in place around password complexity and 95 percent fell their current password protection measures and guidelines provide adequate protection for their business, OneLogin's research has revealed there is still a lot of work to be done.

Empowering CISOs to strengthen password security
Google boosts password security with Password Checkup Chrome extension
These are the best password managers

Of those surveyed, two thirds (66%) don't check passwords against common password lists and over three quarters (78%) don't check employee passwords against password complexity algorithms. This poor password hygiene is leaving UK businesses vulnerable to cyberattacks.

Password hygiene

Chief technology officer and founder at OneLogin, Thomas Pedersen provided further insight on the firm's password management report, saying:

"This report should be a reminder to every business leader in the UK to carefully review their password management. Cybercriminals thrive on companies overlooking fundamental security requirements, which becomes an open invitation for any hacker on the hunt for easy passwords."

While the majority of respondents do practice good password hygiene, many indicated that basic fundamentals are often lacking. Fewer than 19 percent check passwords against rainbow tables, over half (51%) don't require special characters and just under half (47%) don't require numbers and upper and lower case characters (37%).

OneLogin also found that only 53 percent require single sign-on integration, only 35 percent have implemented password complexity policies and 70 percent have not implemented password rotation policies.

Prepare for any eventuality with the best disaster recovery services

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.