Procurement · 5 October 2018

Password security is 8 times stronger in micro businesses than large firms

More employees bring more passwords and unsanctioned apps, as well as “dangerous” password behaviours

Workers sharing IT passwords are leaving growing businesses vulnerable to cyber-attacks, according to a new study, but the smallest firms are up to eight times more secure than large companies.

A new global report from password management group LastPass – “2018 Global Password Security Report” – found that on average any given employee shares six passwords with their co-workers. This problem, the report added, gets worse as companies grow and increase their workforce.

Indeed, it said that organisations with fewer than 25 employees have the best average password security, with the problem increasing as they expand in size.

This is because more employees bring more passwords and unsanctioned apps, as well as “dangerous” password behaviours such as sharing.

“In larger organisations, it’s simply more challenging for IT to hold all employees to password security standards,” LastPass stated.

The report developed a calculation called the LastPass Security Score to provide a new benchmark for the industry. It found that the best sector for password security was technology, with a score of 53/100, given the level of privacy and data laws firms need to comply with. The next best were banking, health and government with 49.

The average password security score of organisations in the UK was found to be 52 out of 100. 

The report added that multi-factor authentication is an increasingly popular way to protect an organisation with 45% of businesses using it, up from 24.5% last year.

It said 41% of companies with 25 or fewer employees are using multi-factor authentication, compared to 5% for those with 501-1,000 employees and 3% for those with 10,001 or more.

“Security professionals often fail to consider the value of the first factor of enterprise authentication – the password. Despite the sophisticated security measures enterprises are putting in place, something as fundamentally simple as a password is tripping them up,” said Frank Dickson, research vice president, security products at IDC.

“Passwords continue to be a challenge to cybersecurity in the workplace, and attacks continue to grow in number and complexity every year. Despite these threats, businesses have struggled to quantify their own level of password risk,” said Gerald Beuchelt, chief information security officer at LogMeIn.

“This report offers fellow information security managers a tool to compare their own company’s password scores with a large sample of peers and competitors. In turn, security departments are now better equipped to identify the gaps in their security program and measure progress when investing in password security.”
