According to the Last Pass Password Exposé report, an employee manages of about 200 passwords. Other industry reports often estimate the number of credentials used and put the figure closer to an average of 27 passwords per employee.
Which begs the question - based on multiple sources, how many passwords are managed by employees?
According to an infographic by Digital Guardian, for every one email address is an estimated 130 personal and work related accounts.
Source: Digital Guardian
Which calls out conflicting data - why are companies promoting that the an user manages multiple accounts? The real end-user does not need more than 20 or 30 passwords which is already way too much. That's why solutions such as single-sign products or password managers promote using their tools - because they want you to believe that your passwords are unmanageable to do manually.
However, companies and employees don't even get a complete solution by using single sign-on (SSO) technology, because more than 50% of the most popular websites and services, like Box, MailChimp, and LinkedIn, do not support SSO out of the box, the report states.
Password vaults with multi-factor authentication (MFA) are enabled in 26.5% of the organizations included in the report, a level that lacks broad enough adoption to offset the problems that enterprises face with passwords, according to the report. LastPass, in a report from last year, found that 91% of users were aware of the risks of reusing passwords, yet 61% continued with the practice.
While these tools are helpful by design they shouldn't be your organization's only line of defense. New-school security awareness training can help educate your users how to use strong passwords to avoid a potential attack.