A majority of IT decision makers think they have sufficient password protection in place, but most are failing to ensure strong passwords, exposing their companies to increased security risks that can lead to data breaches, according to a new report from identity management tools provider OneLogin.

The company surveyed more than 500 U.S.-based IT decision makers and found that 87 percent said they have sufficient password protection policies in place. Many of the organizations don’t require user passwords to meet any requirements other than being a minimum length with upper and lower case characters and numbers, the report said.

About one quarter (25 percent) of respondents don’t require user passwords to meet a minimum length requirement, and less than half (41 percent) check employee passwords against common password lists. Only 24 percent require users to rotate passwords monthly or more, with 54 percent enforcing users to rotate passwords on a quarterly basis.

Only 42 percent of respondents are using single sign-on (SSO) technology to manage internal access to corporate applications, and 34 percent use SSO to manage external access to company applications.

“Passwords alone are not enough to secure your company,” said Alvaro Hoyos, CISO at OneLogin. “Companies need to be more forward-thinking when it comes to identity and access management by enforcing strong passwords and using modern multi-factor authentication.”

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access