Studies continue to show that employees, particularly those of SMEs, are failing to heed security warnings over passwords. Now new research offers a reason why: SMEs have more than three times as many passwords as corporates.
LogMeIn analysed some 47,000 organisations using its LastPass service, and released the findings in its Global Password Security Report to coincide with Stay Smart Online Week.
It found that on average, workers in businesses with up to 25 employees have an average of 85 passwords. That is more than three times the number of passwords needed by employees at large businesses (those with between 1,001 and 10,000 employees), where a comparatively small 25 passwords are used on average.
The average Australian worker has 66 passwords, according to the research. And few are entirely unique — the report suggested that Australia ranked equal second globally for the reuse of passwords.
Those working in media and advertising were found to have the highest number of passwords, with an average of 97 for each person. Government accounted for the lowest number, at a still lofty 54 per person.
According to the report, those industries in possession of the most sensitive data are the least likely to have their workforces using multi-factor authentication, with the legal and insurance sectors having just 20 per cent of their employees using this level of security measures. That compares with a still low 37 per cent in the technology and software sectors.
This, the report suggested, may help to explain why employee habits around password security remain poor, particularly among those working for SMEs.
“Australian businesses are starting to take greater control of their password security — a likely result of regulatory changes across the industry. Unfortunately, MFA (multi-factor authentication) use alone cannot protect an organisation, and overall security hygiene must be elevated if we’re to see better results in the next Notifiable Data Breach Report,” said Lindsay Brown, APAC vice-president at LogMeIn.
The report suggests that many passwords are being reused across different sites and tools in a bid to remember them: on average, an employee will reuse a password 13 times.
It also suggests that businesses of all size can be doing a lot more to keep their data and commercial information secure, giving an average security score across the 47,000 LastPass users of just 49 per cent.
“Improvements in Security Scores are hampered by ongoing password reuse. Though password management is being rapidly adopted by businesses worldwide, ongoing user education and training are crucial to raising Security Scores,” the report said.
Last month, security firm Webroot revealed a poll of 1,000 Australian office workers that found almost a third retained the same password even after their data had been compromised.
Meanwhile, separate research released by Okta early last year suggested that 96 per cent of all passwords fail the basic security protocol of using more than eight characters and a mixture of numbers and both upper and lower case letters.
To mark World Password Day on 2 May 2019, a number of technology and security experts provided their advice on how employers and their teams can enhance the effectiveness of their passwords.
Adam Zuchetti is the editor of My Business, and has steered the publication’s editorial direction since early 2016.