In this Spotlight edition of our podcast, sponsored by LastPass*, we’re joined by LogMeIn Chief Information Security Officer Gerald Beuchelt to talk about LastPass’s third annual Global Password Security Report, which finds password hygiene improving at large companies, but lagging at smaller firms.
To paraphrase the author F. Scott Fitzgerald: “large companies aren’t like everyone else: they use fewer passwords.”
That’s one of the unmistakable conclusions from a survey conducted by the firm LastPass (part of LogMeIn) in its latest Global Password Security Report. Among other conclusions, the LastPass analysis showed that employees at small firms managed 85 passwords on average – more than three times as many as workers at larger companies. They also did a worse job managing those extra passwords, with bad hygiene like password reuse far more common.
How did we get to this state of password “haves and have nots” (or “knows and know nots”)? To understand the dynamic a bit better, we invited Gerald Beuchelt, the Chief Information Security Officer at LogMeIn, into the Security Ledger studios.
Beuchelt is responsible for managing and maintaining the security program across LogMeIn. In this conversation, he and I talk about the continuing challenges of managing passwords and some of the conclusions of the company’s latest Password Security Report.
As a provider of password management technology for some 47,000 organizations, the company has a unique perspective on password use.
Beuchelt is careful to note that LastPass uses “zero knowledge” technology, which means it can’t actually “see” its customers’ passwords. However, it is able to statistically analyze them to assess their security as well as the presence of other security features like multi-factor technology.
Beuchelt tells me that password security is a “mixed bag,” with a noticeable uptick in the use of multi-factor technology across the board. Even without knowing a password’s value, LastPass can analyze its complexity (not to mention password re-use) and note the use of other technologies like multi-factor authentication and single sign-on. Beuchelt and I also talk about how better password hygiene is not being observed universally: larger firms are getting the message, while smaller firms with 25 or fewer employees lag behind.
(*) Disclosure: This podcast was sponsored by LastPass, a LogMeIn brand. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.