As cyberattacks continue to rise worldwide, business leaders are asking how to reduce risk to their organizations. One simple answer: better password security.

However, many businesses find that their organization’s passwords fall short when it comes to reducing cyber risk. According to a recent report that surveyed senior IT leaders, more than half said they believed their passwords were too weak for proper security purposes.

Weak passwords present a significant risk to an organization. Even one weak password can be a weak point in the armor protecting a small or medium business (SMB) against today’s rising cyber threats. According to a second survey, weak passwords led to around a third of cybersecurity breaches in 2021, a significant number considering the average cyberattack cost organizations $4.24 million that year.

In particular, the first survey highlighted concern about user-generated passwords (meaning passwords chosen by employees). According to the report, ninety-four percent of IT leaders surveyed said they had “serious concerns” about these passwords. For example, user-generated passwords may repeat commonly used passwords or be too simple to reduce risk.

Password storage was another concern, especially with the rise of remote work, the survey found. For instance, IT leaders expressed concerns that users might be using risky methods, such as storing passwords in places where they may be found by attackers or others with bad intentions (such as a sticky note on their desk or a note on their phone).

IT leaders have a responsibility to help their users implement password best practices, such as using complex, unique passwords across all of their accounts. Training can help by educating users on the importance of secure passwords and how to create them, and secure password management tools can help users manage their passwords across multiple accounts. Where possible, multi-factor authentication is generally considered the absolute best practice, taking password protection to the next level.

Another tool that IT leaders can consider is password-less technology, which many (65 percent) think they may look to implement. These technologies can include biometrics (like a fingerprint), a PIN, or a physical security key that the employee uses to authenticate themselves.

SMBs looking to improve their password security can take a few steps. First, they can roll out training to ensure their employees understand what a strong password is and why using one matters. Additionally, they can invest in tools that help employees use these passwords securely in their day-to-day workflows, such as those previously mentioned.

While an SMB may never be able to eliminate the cyber risk facing its organization, implementing these steps can help significantly reduce its overall risk and provide better hope for its future.