Passwords. They’re one of the oldest security tools in the world of software and the internet. But in today’s environment—with cybercrime rising and hackers beginning to use machine learning—passwords just don’t provide enough protection for businesses. Here are five reasons why.
It’s true. Verizon’s well-regarded Data Breach Investigation Report says that over 70 percent of employees reuse passwords at work. That means if a hacker gains access to a employee’s credentials for one app, maybe one that doesn’t have sensitive information, they can likely gain access to other apps—including ones with customer information.
And it gets worse. It turns out that a majority of people reuse passwords for work and personal accounts. So, if a hacker gets an employee’s Facebook or LinkedIn password, there’s a good chance that hacker can get into one of your company’s apps using the same password.
On top of reusing passwords, people tend to pick easy-to-hack passwords. That’s because people have trouble remembering passwords, with 72 percent reporting difficulty in one academic study.
An analysis of over five million leaked passwords showed that 10 percent of people used one of the 25 worst passwords. Seven percent of enterprise users had extremely weak passwords in another study. It only takes one bad password that one hacker finds to infiltrate your company.
Even when people do use better passwords, they often store them somewhere unsafe. Given the difficulty remembering passwords, it’s no surprise that employees enter passwords in spreadsheets or even—yikes!—write them on post-it notes. Even 65 percent of business managers recorded their passwords on a private document like a post-it note or shared it with other individuals. That’s just another surface for hackers to attack. Another way your company is vulnerable.
The fact is, cybercriminals know that passwords are the weak link. That’s why they are a top target for hackers. It works. Stolen credentials are the top cited action involved in security breaches. In fact, 81 percent of hacking-related breaches used stolen and/or weak passwords.
To make matters worse, some of your most privileged accounts may have poor passwords. Privileged accounts are ones that have access to confidential data or the ability to provide access to other apps and systems. For example, administrator accounts.
In 2018, 44 percent of data breaches involved privileged identities. Admins have the same memory problems as other users, so they have the same tendency to reuse passwords. A Ponemon Institute study reported that 51 percent of admins reused their password across an average of five personal or business apps. And 32 percent of administrators in one study reported giving out their credentials for others to use.
A breach is bad for those whose records are compromised—like your loyal customers—and for your business. You can lose customers, intellectual property, and lawsuits as a result. It can take years to recover, and some companies never recover.
The average cost of a breach is $148 per record. Globally, the average cost of a breach is $3.86 million. In the United States, it’s even higher: $7.91 million. And breached companies suffer the consequences for years, underperforming the market and being down against the NASDAQ an average of -15.58% even three years later. If your business is like most, you can’t afford a breach. Which means you can’t afford to ignore the password problem. Find out how to solve it using a Single Sign-On (SSO).
Thanks for signing up.
We’ve sent a verification email to
To complete your trial sign up, please check your email and follow instructions to verify. You may need to check your spam. You will be prompted to set up a password and log in. Please note that your user name is your email address.
See how Multi-Factor Authentication (MFA) helps to prevent some of the most common and successful types of cyber attacks.Learn
Find out how PAM systems help secure your company by protecting accounts that have elevated access.Read more
A password vault provides some added security for companies, but it isn’t enough to protect from hackers.Find out why