The password has been the long-standing guardian keeping unauthorized users from accessing data, applications, and systems they shouldn’t. But, the password is only powerful when the assigned user keeps it private. According to the latest “State of the Password” report, the average employee shares six, (yes, SIX) passwords – an increase of 33% from last years number of only 4 passwords!
While 45% of businesses state they are using multi-factor authentication (MFA), the ability to share multiple passwords indicates a few possibilities:
- Not all users are using MFA
- Not all applications are tied into MFA
In either case, the end result is only a portion of production (that is, the mix of users and applications) is protected by MFA. Now, add to that the fact that the use of stolen credentials is the number one threat action in a data breach, and you begin to realize how much cybercriminals LOVE the news around rampant password sharing.
It’s a dangerous cocktail that tastes like a successful attack.