Eighty percent of IT security professionals admit to facing challenges managing privileged passwords, a recent One Identity survey of 913 IT security pros found.
Eighteen percent of respondents use a paper logbook for privileged password management, and 36 percent manage passwords in Excel or another spreadsheet.
Fully 57 percent of IT security pros admit that they only monitor some privileged accounts -- or don't monitor privileged access at all.
Twenty-one percent of respondents aren't able to monitor or record activity performed with admin credentials, and 32 percent said they can't consistently identify individuals who perform admin activities.
And it gets worse. Forty percent of IT security pros admit they don't change default admin passwords, and 86 percent don't consistently change the passwords on their admin accounts.
"Over and over again, breaches from hacked privileged accounts have resulted in astronomical mitigation costs, as well as data theft and tarnished brands," One Identity president and general manager John Milburn said in a statement. "These survey results indicate that there are an alarmingly high percentage of companies that don't have proper procedures in place."
Separately, recent LastPass research based on an analysis of more than 30,000 companies using the LastPass password manager found that the average employee is managing 191 passwords -- meaning that a 250-employee company has 47,750 passwords in use across its organization.
As a result, the average employee types out login credentials 154 times a month. With an average of 14 seconds per password, the researchers suggest, that's 36 minutes per month spent by each employee just on entering passwords.
And many of those passwords aren't private -- on average, an employee shares four passwords with others.
What's more, LastPass found that just 26.5 percent of businesses have enabled multi-factor authentication to protect their password vaults.
"While we're seeing that a significant portion of businesses are investing in multi-factor authentication, it is not yet adopted widely enough to compensate for the shortcomings of passwords," the report states.
A separate Duo Labs survey of 443 individuals across the U.S. found that only 28 percent of respondents use two-factor authentication (2FA) -- in fact, 56 percent of respondents had never heard of it.
Forty-five percent of those who use 2FA said they do so on all services that offer it.
Among those who use 2FA on only some services, the most common reasons were that the services hold particularly important and sensitive data (42 percent) and that 2FA is required for those services (49 percent).
Just under 2 percent of respondents had previously used 2FA but had stopped doing so, largely due to inconvenience.
"This survey underscores the reality that we as a security community still have a long way to go when it comes to educating the everyday person about proper security behaviors in general and 2FA in particular," the researchers wrote.