83.50 +0.50 +0.6% Volume: 524,992 April 23, 2019

New LastPass Benchmark Report Finds Nearly 50 Percent of Businesses Have Yet to Take Control of Password Security

Oct 01, 2018
Report finds the average employee shares six passwords with coworkers, making password management more important than ever

BOSTON, Oct. 01, 2018 (GLOBE NEWSWIRE) -- LastPass by LogMeIn, a leader in password management, today released the first annual, 2018 Global Password Security Report,” revealing true password behaviors in the workplace and creating a benchmark that businesses can use to measure progress when investing in password security tools. The global report, which analyzed anonymized data in over 43,000 companies of all sizes, industries, and geographies using LastPass as their business password manager, draws a precise picture of password management for the business IT community. Two benchmark scores are highlighted in the report: The LastPass Security Score and the LastPass Password Strength Score1.

LastPass by LogMeIn logo
LastPass


Released on the first day of National Cybersecurity Awareness Month (NCSAM), data from the report reveals that while businesses are making strides in strengthening password security, there’s more work to be done –with the average password security score of organizations found to be 52 out of 100. 

“Security professionals often fail to consider the value of the first factor of enterprise authentication— the password. Despite the sophisticated security measures enterprises are putting in place, something as fundamentally simple as a password is tripping them up,” said Frank Dickson, Research Vice President, Security Products at IDC. “Having a security benchmark such as what LastPass has provided with this report will help enterprises quantify their password risk, compare how they stack up to enterprises of similar size, and gauge the effectiveness of their enterprise password management deployment.”

Additional key findings include:

  • The bigger the company, the lower the security score on average
    Organizations with less than 25 employees had the highest average security score of 50, and the average drops as the company size increases. More employees bring more passwords and unsanctioned apps, as well as extra opportunities for dangerous password behaviors. In larger organizations, it’s simply more challenging for IT to hold all employees to password security standards.
  • Investing in an enterprise password management tool is moving the needle
    Within the first year of investing in a password management tool, such as LastPass, a business gains nearly 15 security points. This represents a significant improvement in the company’s security posture over time and is a tangible metric to validate the investment.
  • Password sharing is prevalent in the workplace
    On average, the report data shows that any given employee now shares six passwords with coworkers. As teams become more distributed and technology-dependent, the ability to protect, track and audit shared passwords is more important than ever.
     
  • Technology industry is leading the pack in password security
    The highest average security scores are in the Technology industry (53).  This is not surprising due to the privacy and data laws with which most must comply. What is surprising, is that heavily-regulated industries like Banking, Health, Insurance and Government are not achieving comparable (or even superior) average Security Scores.
  • Multi-factor authentication is gaining in popularity
    As concerns about password security grow, multi-factor authentication is an increasingly-favored way to protect an organization. 45 percent of businesses use multi-factor authentication, which represents a significant increase from last year’s 24.5 percent. Again, the Technology sector lead the pack with 31 percent adopting multi-factor authentication. Whether it’s a greater awareness of available options or a stronger culture of security, organizations in the Technology sector are prioritizing extra protection. 

“Passwords continue to be a challenge to cybersecurity in the workplace, and attacks continue to grow in number and complexity every year. Despite these threats, businesses have struggled to quantify their own level of password risk,” said Gerald Beuchelt, Chief Information Security Officer at LogMeIn. “This report offers fellow information security managers a tool to compare their own company’s password scores with a large sample of peers and competitors. In turn, security departments are now better equipped to identify the gaps in their security program and measure progress when investing in password security.”

Resources

Report Methodology
LastPass anonymized and aggregated data from more than 43,000 organizations who use LastPass as their business password manager. Much like The LastPass Password Exposé, this report represents organizations of all types and sizes across nearly every industry. Compared to that report, the data set has grown significantly and allows us to draw a more precise picture of password management. Though the data only reflects LastPass users, we’ve broadened our conclusions for the business IT community at large.

About LastPass
LastPass is an award-winning password manager helping millions organize and protect their online lives, at home and at work. For businesses of all sizes, LastPass provides secure password storage and centralized admin oversight to reduce the risk of data breaches and remove password obstacles for employees. With customizable policies, secure password sharing, and comprehensive user management, LastPass gives IT the tools to strengthen password hygiene across the organization. For more information, visit https://lastpass.com.

LastPass is a trademark of LogMeIn in the U.S. and other countries.

About LogMeIn, Inc.
LogMeIn, Inc. (Nasdaq: LOGM) simplifies how people connect with each other and the world around them to drive meaningful interactions, deepen relationships, and create better outcomes for individuals and businesses. One of the world’s top 10 public SaaS companies, and a market leader in communication & conferencing, identity & access, and customer engagement & support solutions, LogMeIn has millions of customers spanning virtually every country across the globe. LogMeIn is headquartered in Boston with additional locations in North and South America, Europe, Asia and Australia.

Media Contact:
Lauren Van Dam
press@lastpass.com
781-897-1328

1 The LastPass Password Strength Score evaluates the combined, averaged password strength of all passwords stored in the user’s vault. The LastPass Security Score builds on the Password Strength Score to evaluate whether passwords are duplicated, vulnerable or otherwise weak. The score also considers multifactor authentication usage and other security settings, to show the complete picture of password security for an individual user.

7304.jpg

Source: LogMeIn, Inc.

NASDAQ:LOGM
Price 83.50 +0.50 +0.6% Volume: 524,992 Apr 23, 2019 PM ET Pricing delayed 20 minutes> More

Email Alerts

Email *
Mailing Lists *






 
Enter the code shown above.

Investor Contact

Rob Bradley
Vice President of Investor Relations
Phone: (781) 897-1301

InvestorRelations@LogMeIn.com

Disclaimer

You are now leaving LogMeIn's website and are being directed to a website that is operated and maintained by a third party (an "External Site"). LogMeIn does not control the External Site and is not responsible for the data, content or availability of the External Site. This link to the External Site is provided for convenience purposes only. We make no representation or warranty regarding the accuracy of the information contained in the External Sites. We suggest that you always verify the information obtained from linked websites before acting upon this information. Also, please be aware that the security and privacy policies on this External Site may be different than LogMeIn’s policies, so we encourage you to read any third party privacy and security policies closely.

LogMeIn’s filings with the U.S. Securities and Exchange Commission, or SEC, including LogMeIn’s annual reports on Form 10-K which include our audited financial statements, are available on LogMeIn’s Investor Relations website at https://investor.logmeininc.com/about-us/investors/financials/sec-filings/default.aspx free of charge. The data and other content contained on the External Site are not meant, and should not be used, as a substitute for information contained in LogMeIn’s filings with the SEC or disclosed through other channels used by LogMeIn to comply with its disclosure obligations under Regulation FD. The reports contained on the External Site may contain forward-looking information about LogMeIn’s future financial performance and results. Please note that the information presented on the External Site is deemed representative at the time of its original release and that changes in historical information may occur. LogMeIn undertakes no intention or obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise. Although we believe the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee these results. We caution you to consider the risk factors described in our SEC filings, which could cause actual results to differ materially from the forward-looking statements disclosed on the External Site.

Non-GAAP Information

The External Site may contain certain non-GAAP and pro forma non-GAAP financial measures, in addition to financial measures determined in accordance with GAAP. “GAAP” refers to generally accepted accounting principles in the United States. The non-GAAP financial measures contained on the External Sites are not prepared in accordance with GAAP and may not be comparable to non-GAAP financial measures used by other companies. The non-GAAP information should be considered in addition to, but not as a substitute for or superior to, other measures of financial performance prepared in accordance with GAAP. LogMeIn urges investors to review the reconciliation of its non-GAAP financial measures to the comparable GAAP financial measures, which it includes in press releases announcing its quarterly financial results, and not to rely on any single financial measure to evaluate the Company's business. Reconciliation tables of the most comparable GAAP financial measures to the non-GAAP measures are included in LogMeIn’s quarterly press releases, which can be found in the Financials section of LogMeIn’s investor relations website under “Quarterly Results.”

By clicking “Accept”, you acknowledge that you have read and understand the information set forth above and agree that you will not misrepresent any calculation derived from the data or other content contained on the External Site as LogMeIn’s or otherwise.