UK Businesses' Password Management Is Out of Control

May 2nd, 2019

OneLogin has revealed UK IT decision makers are struggling to turn healthy password practices into action to protect the corporate network: More than two-thirds (66%) don’t check employee credentials against common password lists

London, UK, 2nd May 2019: UK IT leaders are putting business data at risk by not effectively managing employees’ passwords, according to OneLogin, the leading provider of Unified Access Management and simple password reset solutions. Despite 98% of IT decision makers having company guidelines in place around password complexity, and 95% feeling their current password protection measures and guidelines provide adequate protection for their business, there is still a lot of work to be done. Two-thirds (66%) don’t check passwords against common password lists and more than three-quarters (78%) don’t check employee passwords against password complexity algorithms. This poor password hygiene is leaving UK businesses vulnerable to cyber-attacks.

In conjunction with World Password Day, OneLogin surveyed 300 IT decision makers across the UK to uncover their attitudes towards password hygiene and the emphasis placed upon internal policies to protect business networks. The survey unveiled stark differences between the policies in place to protect business networks and how those attitudes translated through to employee password requirements.

“This report should be a reminder to every business leader in the UK to carefully review their password management,” said Thomas Pedersen, OneLogin’s chief technology officer and founder. “Cybercriminals thrive on companies overlooking fundamental security requirements, which becomes an open invitation for any hacker on the hunt for easy passwords.”

Companies lack consistent password fundamentals

While the majority of respondents practice good password hygiene, many respondents indicated that basic fundamentals are often lacking:

  • Fewer than 19% (18.7%) check passwords against rainbow tables
  • Over half (51%) don’t require special characters
  • Just under half (47%) don’t require numbers, and 37% don’t require upper and lower case

Poor password hygiene leaves corporate applications vulnerable

Mandatory requirements for internal corporate applications are also concerning:

  • Only 53% require single sign-on (SSO) integration
  • Only 35% have implemented password complexity policies
  • 70% have not implemented password rotation policies

“Companies need to adopt a security-first approach with simple identity and access management features, such as OneLogin, to streamline their password resets and implement SSO and MFA tools and best practices,” added Pedersen.

About OneLogin, Inc.

OneLogin, the leader in Unified Access Management and simple password reset solutions, connects people with technology through a simple and secure login, empowering organisations to access the world™. The OneLogin Unified Access Management (UAM) platform is the key to unlocking the apps, devices, and data that drive productivity and facilitate collaboration. OneLogin serves businesses and partners across a multitude of industries, with over 5500 customers worldwide. We are headquartered in San Francisco, California.

Media Contact

Berkeley Communications

0118 909 0909
