Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    A Hacker’s Dream: Half of IT Admins Reuse Passwords Across Multiple Accounts

    password_small1-resized-600

    The most recent report from Ponemon shows how IT’s lack of password management is wildly misaligned with the organizations supposed concern for protecting data.

    Cybercriminals intent on gaining internal access usually only have a single compromised account from which to attempt lateral movement. But, according to Ponemon’s 2019 State of Password and Authentication Security Behaviors Report, extremely poor password management habits by those in IT are making a hacker’s job much easier.

    Despite nearly half of the over 1,300 IT pros surveyed stating that their companies are concerned about protecting either company or employee information, IT admins aren’t acting like it’s truly important.

    According to the report, 51% reuse the same password across an average of five business and/or personal accounts. This means multiple privileged accounts within the organization use the same password, simplifying the hacker’s job of compromising additional credentials.

    This data echoes the LastPass’s 2018 findings where 50% of users use the same passwords for work and personal accounts.

    This risk behavior on the part of IT admins has to make organizations wonder if proper security policy is in place to ensure users don’t follow suit. According to the Ponemon report 31% of organizations don’t have a password policy in place. This only elevates the level of risk when considering cyberattacks focused on compromising credentials in order to gain a foothold and move laterally across the organization.

    Whether a password policy is in place or not, organizations need to create a security culture where users are aware of how reusing passwords puts adds risk to the organization. Using Security Awareness Training, users can be taught both why password uniqueness, complexity, and safeguarding are important, helping to move the organization towards a security culture.

    How weak are your user’s passwords?

    Weak Password Test

    KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

    WPT gives you a quick look at the effectiveness of your password policies and any fails so that you can take action. WPT tests against 10 types of weak password related threats for example; Weak, Duplicate, Empty, Never Expires, plus 6 more.

    Here's how Weak Password Test works:

    • Reports on the accounts that are affected
    • Tests against 10 types of weak password related threats
    • Does not show/report on the actual passwords of accounts
    • Just download the install and run it
    • Results in a few minutes!

    This will take you 5 minutes and may give you some insights you never expected!

    Find Out Now

    Don't like to click on redirected buttons? Click here or cut & paste this link in your browser: 

    https://info.knowbe4.com/weak-password-test 

     

    Return To KnowBe4 Security Blog

    Topics: Password Security

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews