
Spotlight Podcast: Global Audit Finds Small Firms Struggle with Password Hygiene

In this Spotlight edition of our podcast sponsored by LastPass* we’re joined by LogMeIn Chief Information Security Officer Gerald Beuchelt to talk about LastPass’s third annual Global Password Security Report, which finds password hygiene improving at large companies, but lagging at smaller firms.

To paraphrase the author F. Scott Fitzgerald: “large companies aren’t like everyone else: they use fewer passwords.”

Security Ledger Sponsored Content

That’s one of the unmistakable conclusions from a survey conducted by the firm LastPass (part of LogMeIn) in its latest Global Password Security Report. Among other conclusions, the LastPass analysis showed that employees at small firms typically managed 85 passwords on average, more than three times as many as workers at larger companies. They also did a worse job managing those extra passwords, with bad hygiene like password reuse far more common.

How did we get to this state of password “haves and have-nots” (or “knows and know-nots”)? To understand the dynamic a bit better, we invited Gerald Beuchelt, the Chief Information Security Officer at LogMeIn, into the Security Ledger studios.

Gerald Beuchelt is the CISO at LogMeIn

Beuchelt is responsible for managing and maintaining the security program across LogMeIn. In this conversation, he and I talk about the continuing challenges of managing passwords and some of the conclusions of the company’s latest Password Security Report. 

As a provider of password management technology for some 47,000 organizations, the company has a unique perspective on password use.

Beuchelt is careful to note that LastPass uses “zero knowledge” technology, which means it can’t actually “see” its customers’ passwords. However, it is able to statistically analyze them to assess their security as well as the presence of other security features like multi-factor technology.

Average Number of Reused Passwords, LastPass Global Password Security Report.
Companies with the fewest employees had the worst password hygiene, LastPass found. (Image courtesy of LastPass.)

Beuchelt tells me that password security is a “mixed bag,” with a noticeable uptick in the use of multi-factor technology across the board. Even without knowing a password’s value, LastPass can analyze its complexity (not to mention password reuse) and note the use of other technologies like multi-factor authentication and single sign-on. Beuchelt and I talk about how better password hygiene is not being observed universally: larger firms are getting the message, while smaller firms with 25 or fewer employees lag behind.

It’s an interesting conversation that you can check out in its entirety!

(*) Disclosure: This podcast was sponsored by LastPass, a LogMeIn brand. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.

As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.
