The report comes from Last Pass and it is entitled “The 2018 Global Password Security Report: Understanding password hygiene in businesses worldwide – and how your company stacks up.” Last Pass is part of the LogMeIn company portfolio, which is one of the world’s leading software-as-a-service (SaaS) companies.
In the Global Password Security Report, Last Pass has uncovered the state of corporate password security around the world. This is based on analysis of aggregated data drawn from over 43,000 businesses. The aim was to provide a password security benchmark to allow IT professionals to measure progress when investing in password management.
The analysis tool used is the The LastPass Password Strength Score, which evaluates the combined, averaged password strength of all passwords stored in the user’s vault, based on:
The number of duplicate passwords.
The number of sites marked “vulnerable” (due to publicly disclosed data breaches).
The number of weak passwords.
The average strength of each password.
The strength of shared passwords.
The multifactor authentication score.
Based on this approach, the average score was found to be 52 out of 100, which is rated ‘fair’, indicating that many business systems are vulnerable. The report states that this outcome: “means that most businesses still have work to do in overcoming weak, reused, old and potentially compromised credentials. Many passwords could be stronger, and every one is a potential entryway to the business that should be protected and managed.”
As a warning to big firms, the report finds that the bigger the company, then the lower its security score is on average. In contrast, organizations with 25 or fewer employees have the highest average. The highest average scores are with technology
firms, followed by not-for-profit companies. At the lower end are retail and insurance.
In terms of addressing low scores, the report states that multifactor authentication remains the industry best practice
for preventing unauthorized account access.
