A majority of IT executives across the UK continue to rely on employees to monitor their password behaviour, reveals a new study.
Despite password behaviour remaining a concern, companies are not doing enough to improve control and visibility of IT executives.
As many as 78%, or nearly 4 in every 5, IT executives are not able to control employees' access to cloud-based applications and many of them lack the control and visibility required to improve password behaviour among employees, reveals a study from LastPass and Ovum.
Are employees managing their passwords effectively?
According to the study, despite employees retaining a level of control over what passwords to keep and when to change them, not all are comfortable with the process. More than 3 in every 4 out of hundreds of employees who spoke to the surveyers revealed that they experience regular password usage problems, mainly due to the absence of technologies like single sign-on (SSO).
At the same time, more than a third of all employees also require password-related help desk support from time to time. A majority of them also said that if their organisations offered a solution, they would use a tool to help store and access passwords without needing to remember each one.
What are IT executives doing about it?
A majority of IT executives also revealed that they are implementing technology based on policies and not the user, and this is affecting the user's ability to maintain password hygiene, thereby placing companies at risk.
The lack of a technology that can enforce password strength requirement is also forcing employees to decide themselves whether the passwords they keep are strong or not. As a result, IT executives rely on employee education to enforce strong passwords rather than on technology.
At the same time, a majority of IT executives also said that they had no technology in place to control password sharing and only 14% of those surveyed said that they had automated control facilities to detect password sharing among employees.
“Far too many organisations are leaving the responsibility for password management to their employees and don’t have the automated password management technology in place to identify when things are going wrong," said Andrew Kellett, Principal Analyst, Infrastructure Solutions at Ovum.
Matt Kaplan, GM of LastPass, believes that the absence of technology coupled with the threat posed by human behaviour is also leaving companies unnecessarily at risk from weak or shared passwords.
'Organisations need to focus on solving for both obstacles in order to significantly improve their overall security,' he adds.