Password sprawl and reuse outstrip MFA and biometrics among LastPass users

Only one percent of LastPass multifactor authentication systems in use leverage biometrics, according to new research from LastPass, though the company believes offerings like its recently-launched LastPass MFA will drive a rapid increase in that number.

“The 3rd Annual Global Password Security Report” is based on analysis of more than 47,000 organizations using LastPass. The report shows Windows biometrics are used by 0.7 percent of those businesses, and also shows that access control and password behaviors remain a potential point of vulnerability for many organizations.

Employees reuse one password 13 times, on average, and that businesses in media and advertising have the most passwords to deal with, as each employee manages 97 on average. For small businesses, the results are particularly troubling, with only 27 percent of businesses under 500 employees using MFA, while 87 percent of employees at large businesses, and 57 percent overall, use MFA. Employees of smaller businesses also have many more passwords to manage; 85 on average, compared to 25 per person at larger companies. Less than half of all businesses have a single sign-on (SSO) solution in place to help employees cope with the volume of passwords.

“Securing employee access has never been more important and unfortunately, we see businesses ignore password security altogether, or only half-heartedly attempt to address it,” said LogMeIn Chief Information Security Officer Gerald Beuchelt. “This report further highlights the importance of using the identity and access management tools available to information security managers in addition to maintaining focus on employee training to improve password habits.”

Increasing integration of mobile platforms with password managers is helping adoption, with LastPass observing a 50 percent increase in mobile use of its technology following the launch of iOS12. Smartphone password vaults are now used by 23 percent of employees globally. Regulations such as Europe’s GDPR and Australia’s NDB appear to be encouraging increasing MFA adoption in countries like Denmark (46 percent), the Netherlands (41 percent), Switzerland (41 percent), and Australia, where it jumped from 6 percent to 29 percent in 12 months.

Article Topics

access management  |  biometrics  |  identity verification  |  LastPass  |  multi-factor authentication  |  passwords  |  survey