90 Percent of IT Pros Worry About Password Reuse

Ninety percent of enterprise IT professionals are concerned that employee reuse of personal credentials for work purposes could compromise enterprise security, according to the results of a recent Gemalto survey of 1,150 IT professionals worldwide.

At the same time, 68 percent of respondents said they would be comfortable allowing employees to use their social media credentials on company resources.

Sixty-two percent of respondents said they’re facing increasing pressure to implement the same types of authentication methods typically seen in consumer services, such as fingerprint scanning and iris recognition, and 63 percent said they believe security methods designed for consumers provide sufficient protection for enterprises.

In fact, 52 percent of respondents expect consumer and enterprise security methods to merge entirely within the next three years.

“From credential sharing to authentication practices, it’s clear that consumer trends are having a big impact on enterprise security,” Gemalto senior vice president for identity protection Francois Lasnier said in a statement. “But businesses need to make sure their data isn’t compromised by bad personal habits.”

To improve enterprise security, 49 percent of respondents have implemented extra training, 47 percent have increased security spend, and 44 have allocated further resources.

Sixty-two percent of respondents said they expect to implement strong authentication in two years’ time, up from 51 percent who said the same thing last year.

Fifty percent of respondents said security is one of their biggest concerns as employee mobility increases.

One third of respondents have completely restricted employees from accessing company resources via mobile devices, and 91 percent are restricting mobile access at least in part. Thirty-seven percent of respondents’ organizations are required to use two-factor authentication to access corporate resources from mobile devices.

Almost half of respondents said they’re increasing resources and spending on access management. Ninety-four percent of respondents have implemented two-factor authentication to protect at least one application, and 96 percent expect to use it at some point in the future.

“For IT leaders, it’s important that they keep pushing for security to be a priority at the board level, and ensure that it’s front of mind for everyone in an organization,” Lasnier said.

Separately, a SecureAuth survey of more than 300 IT decision makers and cyber security professionals found that the use of multi-factor authentication rose by more than 40 percent year-over-year — in 2015, 66 percent of organizations were using multi-factor authentication, and 93 percent were doing so in 2016.

More than 30 percent of respondents are planning to expand or implement multi-factor authentication in the coming months.

Smaller organizations, those with fewer than 250 employees, are the least likely to use multi-factor authentication — 21 percent aren’t using any form of multi-factor authentication and have no plans to do so in the next 12 months.

Still, 82 percent of all respondents expressed concern about the misuse of stolen valid credentials to access their organization’s assets and information.

“It goes hand in hand that the increased implementation of multi-factor authentication and growing interest in expanding its use within organizations is driven by the top concern of misuse of stolen credentials,” SecureAuth CTO Keith Graham said in a statement. “Again and again, we see in many high-profile and not so high-profile breaches, bad actors gaining access to organizations using valid credentials that have been compromised in some way.”

A recent eSecurity Planet article offered advice on how to get identity authentication right.

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles