Poor passwords putting many businesses at risk

Image Credit: Shutterstock
(Image credit: Image Credit: Ai825 / Shutterstock)

New research from OneLogin has revealed that UK IT leaders are putting their business data at risk by not effectively managing employees' passwords.

In conjunction with World Password Day, the Unified Access Management firm surveyed 300 IT decision makers across the UK to uncover their attitudes towards password hygiene and the emphasis placed upon internal policies to protect business networks.

Despite the fact that 98 percent of IT decision makers have company guidelines in place around password complexity and 95 percent fell their current password protection measures and guidelines provide adequate protection for their business, OneLogin's research has revealed there is still a lot of work to be done.

Of those surveyed, two thirds (66%) don't check passwords against common password lists and over three quarters (78%) don't check employee passwords against password complexity algorithms. This poor password hygiene is leaving UK businesses vulnerable to cyberattacks.

Password hygiene

Chief technology officer and founder at OneLogin, Thomas Pedersen provided further insight on the firm's password management report, saying:

"This report should be a reminder to every business leader in the UK to carefully review their password management. Cybercriminals thrive on companies overlooking fundamental security requirements, which becomes an open invitation for any hacker on the hunt for easy passwords."

While the majority of respondents do practice good password hygiene, many indicated that basic fundamentals are often lacking. Fewer than 19 percent check passwords against rainbow tables, over half (51%) don't require special characters and just under half (47%) don't require numbers and upper and lower case characters (37%).

OneLogin also found that only 53 percent require single sign-on integration, only 35 percent have implemented password complexity policies and 70 percent have not implemented password rotation policies.