Many firms have only minimum cyber security protocols in place

A majority of IT decision makers think they have sufficient password protection in place, but most are failing to ensure strong passwords, exposing their companies to increased security risks that can lead to data breaches, according to a new report from identity management tools provider OneLogin.

The company surveyed more than 500 U.S.-based IT decision makers and found that 87 percent said they have sufficient password protection policies in place. Many of the organizations don’t require user passwords to meet any requirements other than being a minimum length with upper and lower case characters and numbers, the report said.

About one quarter (25 percent) of respondents don’t require user passwords to meet a minimum length requirement, and fewer than half (41 percent) check employee passwords against common password lists. Only 24 percent require users to rotate passwords monthly or more often, with 54 percent requiring users to rotate passwords on a quarterly basis.

Only 42 percent of respondents are using single sign-on (SSO) technology to manage internal access to corporate applications, and 34 percent use SSO to manage external access to company applications.

“Passwords alone are not enough to secure your company,” said Alvaro Hoyos, CISO at OneLogin. “Companies need to be more forward-thinking when it comes to identity and access management by enforcing strong passwords and using modern multi-factor authentication.”
