LastPass by LogMeIn today released findings of a new report commissioned to better understand the current state of passwords in organizations today, and how these trends are driving passwordless authentication models moving forward. The report, “From Passwords to Passwordless” was conducted in partnership with Vanson Bourne and highlights the critical need to address password problems as remote work becomes the new normal.
Released in time for Cybersecurity Awareness Month, a month recognized across the globe as an opportunity to double-down on security awareness efforts, the global study provides evidence that the need to migrate from traditional passwords and the risks they pose continues to grow, and is even more apparent in a work from anywhere world. The report suggests that while passwords may not be going away completely, 92 percent of respondents believe passwordless authentication is the future of their organization.
Passwordless authentication reduces password related risks by enabling users to login to devices and applications without the need to type in a password. Technologies such as biometric authentication, single-sign-on (SSO) and federated identity streamline the user experience for employees within an organization, while still maintaining a high level of security and complete control for IT and security teams.
Key findings from the report include:
- Organizations Still Have a Password Problem
- Problems with passwords are still an ongoing struggle for organizations. The amount of time that IT teams spend managing users’ password and login information has increased year over year. In fact, those surveyed suggest that weekly time spent managing users’ passwords has increased 25 percent since 2019. Given this, the majority (85 percent) of IT and security professionals agree that their organization should look to reduce the number of passwords that individuals use on a daily basis. Additionally, almost all (95 percent) respondents surveyed say there are risks to using passwords which could contribute to threats in their organization, notably human behaviors like password reuse or password weakness.
- Security Priorities Are at Odds with User Experience
- When it comes to managing an organization, security is a core challenge for IT teams. However, it is the lack of convenience and ease of use that employees care about. Security is the main source of frustration for the IT department, particularly when issues are often derived from user behavior when managing passwords. The top three frustrations for IT teams include users using the same password across applications (54 percent), users forgetting passwords (49 percent) and time spent on password management (45 percent). For employees, the issues lie in convenience. Their top three frustrations are changing passwords regularly (56 percent), remembering multiple passwords (54 percent) and typing long, complex passwords (49 percent).
- Security and Eliminating Risk Are Seen as Primary Benefits of Passwordless Authentication
- Better security (69 percent) and eliminating password related risk (58 percent) are believed by respondents to be the top benefits of deploying a passwordless authentication model for their organization’s IT infrastructure. Time (54 percent) and cost (48 percent) savings are also noted benefits of going passwordless. Meanwhile, for employees a passwordless authentication model would help to address efficiency concerns. Over half (53 percent) of respondents report that passwordless authentication offers the potential to provide convenient access from anywhere, which is key given the shift towards remote work that is likely here to stay.
- Cost, Regulations and Time Are Cited as Top Challenges of Passwordless Deployment
- While going passwordless can provide a more secure authentication method, there are challenges in the deployment of a passwordless model. Respondents report the initial financial investment required to migrate to such solutions (43 percent), the regulations around the storage of the data required (41 percent) and the initial time required to migrate to new types of methods (40 percent) as the biggest challenges for their organization to overcome. There are also some concerns around resistance to change. Three quarters of IT and security professionals (72 percent) think that end users in their organization would prefer to continue using passwords, as it is what they are used to.
- Passwords Are Not Going Away Completely
- When it comes to identity and access management, 85 percent do not think passwords are going away completely. Yet, over nine in 10 respondents (92 percent) believe that delivering a passwordless experience for end-users is the future for their organization. There is a clear need to find a solution that combines passwordless authentication and password management in today’s organizations.
“As many organizations transition to a long-term remote work culture, giving your employees the tools and resources to be secure online in their personal lives as well as in the home office is more important now than ever,” said Gerald Beuchelt, Chief Information Security Officer at LogMeIn. “This report shows the continued challenge that organizations face with password security and the need for a passwordless authentication solution to enable both IT teams and employees to operate more efficiently and securely in this changing environment.”
For more information and to read the full report, visit https://www.lastpass.com/solutions/passwordless-access/from-passwords-to-passwordless
The report was commissioned by LogMeIn and fielded by independent technology market research specialist Vanson Bourne. 750 IT and security professionals were interviewed in April and May 2020, ranging from CIOs and CISOs, to IT managers and analysts. The respondents were from a variety of private and public sectors, across the US, UK, France, Germany, Australia and Singapore, and were from organizations with between 250 and 3,000 employees.
LastPass is an award-winning password manager which has helped more than 25.6 million users organize and protect their online lives. For more than 70,000 businesses of all sizes, LastPass provides identity and access management solutions that are easy to manage and effortless to use. From single sign-on and enterprise password management to adaptive multifactor authentication, LastPass for Business gives superior control to IT and frictionless access to users. For more information, visit https://lastpass.com.
LastPass is a trademark of LogMeIn in the U.S. and other countries.
LogMeIn, Inc.’s category-defining products unlock the potential of the modern workforce by making it possible for millions of people and businesses around the globe to do their best work simply and securely—on any device, from any location and at any time. A pioneer in remote work technology and a driving force behind today’s work-from-anywhere movement, LogMeIn has become one of the world’s largest SaaS companies with tens of millions of active users, more than 3,500 global employees, over $1.3 billion in annual revenue and approximately 2 million customers worldwide who use its software as an essential part of their daily lives. The company is headquartered in Boston, Massachusetts with additional locations in North America, South America, Europe, Asia and Australia.