The Security Ledger Podcast
Spotlight Podcast: Global Audit Finds Small Firms Struggle with Password Hygiene
In this Spotlight edition of our podcast sponsored by LastPass* we’re joined by LogMeIn Chief Information Security Officer Gerald Beuchelt to talk about LastPass’s third annual Global Password Security Report, which finds password hygiene improving at large companies, but lagging at smaller firms.
To paraphrase the author F. Scott Fitzgerald: “large companies aren’t like everyone else: they use fewer passwords.”
That’s one of the unmistakable conclusions from a survey conducted by the firm LastPass (part of LogMeIn) in its latest Global Password Security Report. Among other conclusions, the LastPass analysis showed that employees at small firms managed 85 passwords on average, more than three times as many as workers at larger companies. They also did a worse job managing those extra passwords, with bad hygiene like password reuse far more common.
How did we get to this state of password “have and have nots” (or “know and know nots”)? To understand the dynamic a bit better, we invited Gerald Beuchelt, the Chief Information Security Officer at LogMeIn, into the Security Ledger studios.
Gerald Beuchelt is the CISO at LogMeIn
Beuchelt is responsible for managing and maintaining the security program across LogMeIn. In this conversation, he and I talk about the continuing challenges of managing passwords and some of the conclusions of the company’s latest Password Security Report.
As a provider of password management technology for some 47,000 organizations, the company has a unique perspective on password use.
Beuchelt is careful to note that LastPass uses “zero knowledge” technology, which means it can’t actually “see” its customers’ passwords. However, it is able to statistically analyze them to assess their security, as well as the presence of other security features like multi-factor technology.
Companies with the fewest employees had the worst password hygiene, LastPass found. (Image courtesy of LastPass.)
Beuchelt tells me that password security is a “mixed bag.” There has been a noticeable uptick in the use of multi-factor technology across the board, and even without knowing a password’s value, LastPass can analyze its complexity (not to mention password reuse) and note the use of other technologies like multi-factor authentication and single sign-on. But better password hygiene is not being observed universally: larger firms are getting the message, while smaller firms with 25 or fewer employees lag behind.
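To make the point in the two paragraphs above concrete (a vendor measuring complexity and reuse without ever seeing a password), here is an added example of the principle: the scoring runs on the client over the decrypted vault, reuse is detected by comparing keyed hashes under a key that never leaves the client, and only aggregate counts are reported. This is illustrative code written for this page, not LastPass’s implementation, which the article does not describe; the vault contents, the character-class entropy estimate and the bucket thresholds are all constructed assumptions.

```python
"""Client-side password hygiene scoring that reports only aggregates.

Added illustration of the "analyze without seeing" idea; not LastPass code.
"""
import hashlib
import hmac
import math
import secrets
from collections import Counter

# Constructed sample vault. In a real client this is the decrypted vault,
# which exists only in memory on the user's device.
VAULT = [
    ("mail.example", "Tr0ub4dor&3"),
    ("bank.example", "Tr0ub4dor&3"),                # reused
    ("hr.example", "password"),
    ("crm.example", "correct horse battery staple"),
    ("vpn.example", "Tr0ub4dor&3"),                 # reused again
    ("wiki.example", "xK9#mQ2!vL7$"),
    ("payroll.example", "Summer2019"),
]


def charset_bits(pw: str) -> float:
    """Rough strength estimate: length * log2(size of the character classes used).

    This is a deliberately simple assumed metric; real managers use richer
    checks (dictionary words, keyboard walks, breach lists) on the client.
    """
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # printable ASCII symbols and space
    return len(pw) * math.log2(size) if size else 0.0


def strength_bucket(pw: str) -> str:
    """Assumed thresholds: <40 bits weak, <70 moderate, otherwise strong."""
    bits = charset_bits(pw)
    if bits < 40:
        return "weak"
    if bits < 70:
        return "moderate"
    return "strong"


def hygiene_report(vault, key=None) -> dict:
    """Return only aggregate counts; no password or per-site detail leaves here.

    Reuse is found by comparing HMAC-SHA256 tags of each password under a
    random per-run key. Because the key is generated locally and discarded,
    the tags cannot be brute-forced or correlated by anyone who sees them,
    and they are not included in the report anyway.
    """
    key = key or secrets.token_bytes(32)
    tags = [hmac.new(key, pw.encode("utf-8"), hashlib.sha256).digest() for _, pw in vault]
    tag_counts = Counter(tags)
    reused_entries = sum(1 for t in tags if tag_counts[t] > 1)
    buckets = Counter(strength_bucket(pw) for _, pw in vault)
    return {
        "entries": len(vault),
        "unique_passwords": len(tag_counts),
        "reused_entries": reused_entries,
        "reuse_rate": round(reused_entries / len(vault), 2) if vault else 0.0,
        "strength": dict(buckets),
    }


if __name__ == "__main__":
    # Only this dictionary would be sent to the vendor for statistics.
    print(hygiene_report(VAULT))
```

The report for the constructed vault shows seven entries, five distinct passwords and three entries sharing one password, plus a strength histogram; nothing in it identifies which site or which value is the problem, which is the property that lets a provider publish fleet-wide hygiene numbers while remaining unable to read any vault.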
It’s an interesting conversation that you can check out in its entirety!