New LastPass Research Finds Password Habits Remain Key Obstacle to Business’ Security

Oct 08, 2019
3rd Annual Global Password Security Report shows widespread password reuse, despite increased investment in security tools like multifactor authentication

BOSTON, Oct. 08, 2019 (GLOBE NEWSWIRE) -- LastPass by LogMeIn today released the results of their 3rd Annual Global Password Security Report, a study that offers insights into employee password behaviors as well as emerging trends around identity and access management at businesses worldwide.


Among the key findings from this year’s report is that while more businesses are investing in security measures like multifactor authentication (MFA), employees still have poor password habits that weaken companies’ overall security posture. Given that stolen and reused credentials are linked to 80 percent of hacking-related breaches, businesses must take more action to improve password and access security to make a big impact on risk reduction.

“Securing employee access has never been more important and unfortunately, we see businesses ignore password security altogether, or only half-heartedly attempt to address it,” said Gerald Beuchelt, Chief Information Security Officer at LogMeIn. “This report further highlights the importance of using the identity and access management tools available to information security managers in addition to maintaining focus on employee training to improve password habits.”

Additional key findings from the report include:

  • The Password Struggle is Real, Especially for Employees at Small Businesses
    Password sharing and reuse remain a common practice in most businesses, with employees reusing one password an average of 13 times. Our data shows that employees at businesses with fewer than 1,000 employees reuse 10-14 passwords compared to four reused passwords among employees at larger organizations. An overwhelming number of passwords leads to poor password hygiene when there’s no technology in place to help. Our data shows employees at larger companies have an average of 25 passwords to manage compared to 85 passwords for those at small businesses. Due to greater availability of resources and awareness of regulations, larger businesses may be more likely to have Single Sign-On solutions in place that enable employees to access more apps with fewer passwords. However, less than 50 percent of all businesses have a Single Sign-On (SSO) solution that could make it easier for employees to manage passwords.

  • Multifactor Authentication Usage is on the Rise, But Small Business Lags
    More than half of businesses globally (57 percent) now have employees using multifactor authentication (MFA), up 12 percentage points from last year’s report. As multifactor authentication options continue to improve in usability and support for a wide range of use cases, we continue to see usage increase. Unsurprisingly, employees at larger organizations have the highest usage – 87 percent – which drops nearly in half (to 44 percent) at organizations with approximately 500-1,000 employees, and less than a third (27 percent) at the smallest businesses. Given the competing priorities of IT staff at smaller businesses, it’s understandable that MFA may not be a priority. However, given the number of affordable, user-friendly options available, every business should be able to find an MFA solution that meets their needs.

  • Industry Differences: Media/Advertising are Inundated with Passwords
    In terms of industry, media/advertising agency employees have the most passwords to manage (97), whereas government employees have the least (54). It’s no surprise that employees in the media and advertising sector also have the highest rate of password reuse – 22 – compared to just nine in the nonprofit and retail sectors. No amount of password reuse is safe, but some sectors have a lot more work to do. When it comes to MFA, industries with the most sensitive customer data, like insurance and legal, are the least likely to have employees using MFA (20 percent usage for each compared to the high of 37 percent in the technology and software industries).

  • Password Manager Adoption via Mobile Increases
    For the first time, this report looks at how employees use their password manager via the LastPass app on mobile devices. Globally, 23 percent of employees are accessing password vaults on their smartphone, and that number is likely to grow as mobile platform integrations improve. After the iOS 12 launch, for example, employees used LastPass on their mobile device 50 percent more frequently than prior to the launch. Further, user retention is approximately 30 percent higher on average when mobile usage is incorporated into an employee’s onboarding experience. It’s clear that when it’s convenient for employees to access and use password managers from their smartphone or other device of their choice, they’re more likely to use it.

  • Increased international regulation spurs action in EMEA and APAC
    As global threats rise, and concerns grow about the privacy of personal information, governments and industries are enacting more regulations, directives and guidelines in order to help protect the digital economy. GDPR may contribute to significant growth in adoption of MFA in countries like Denmark (46 percent), the Netherlands (41 percent), Switzerland (38 percent) and Germany (32 percent). The NDB scheme may contribute to Australia’s multifactor authentication usage growing from 6% to 29% in a 12-month period.

For more information and to read the full report, visit https://www.lastpass.com/state-of-the-password/global-password-security-report-2019.

Report Methodology
LastPass anonymized and aggregated data from more than 47,000 organizations who use LastPass as their business password manager. As in previous years, the report represents organizations of all types and sizes across nearly every industry, as well as from a variety of regions. The data set has also grown since last year’s report, as more organizations begin using LastPass as their business password manager. Though the data only reflects LastPass users, we’ve broadened our conclusions for the business IT community at large.

About LastPass
For more than 58,000 businesses of all sizes, LastPass reduces friction for employees while increasing control and visibility for IT with an access solution that’s easy to manage and effortless to use. From single sign-on and password management to adaptive authentication, LastPass gives superior control to IT and frictionless access to users. For more information, visit https://lastpass.com.
LastPass is a trademark of LogMeIn in the U.S. and other countries.

About LogMeIn, Inc.
LogMeIn, Inc. (NASDAQ: LOGM) simplifies how people connect with each other and the world around them to drive meaningful interactions, deepen relationships, and create better outcomes for individuals and businesses. One of the world’s top 10 public SaaS companies, and a market leader in unified communications and collaboration, identity and access management, and customer engagement and support solutions, LogMeIn has millions of customers spanning virtually every country across the globe. LogMeIn is headquartered in Boston, Massachusetts with additional locations in North America, South America, Europe, Asia and Australia.

Media Contact:
Lauren Christopherson
press@lastpass.com  
617-279-2443

Source: LogMeIn, Inc.

