Skip to main content

Back to Blog

Identity and Access Management has a Password Problem

Recent research from Enterprise Management Associates (EMA) found that a staggering 60% of organizations have experienced a security breach in the past year. Digging into the details, the leading source of breaches (24.4%) was once again due to compromised user passwords. The findings also highlighted that a further 16.1% of breaches were down to a user sharing credentials with an unauthorized peer. Does identity and access management have a password problem?

24.4% of security breaches in the last 12 months were due to compromised user passwords.

This means that over 40% of breaches were directly related to passwords. Of those organizations that suffered a breach, 90% stated that there were significant consequences for their business, reinforcing once again why password strategy can’t be ignored.

Organizations rely on identity and access management as a key component of their security strategy. Enterprises use identity management to safeguard their information assets against the rising threats of ransomware, criminal hacking, phishing, and other malware attacks. However, if a password becomes compromised, then it can become an entry point into an organization’s network and information assets.

So why can passwords be the weakest link in identity and access management?

Fundamentally it comes down to people. Organizations predominantly rely on a password strategy that puts the onus on users to remember numerous, complex, and constantly changing, character strings. Out of a desire for convenience and ease of use, people typically reuse passwords across their work and personal accounts or only slightly modify a root password. This trend is supported by the EMA research findings, with respondents stating that when access requirements become too complicated and time-consuming, users often find ways to bypass security controls.

Expecting human behavior to change is not realistic, so enterprises need to take steps to address the password problem. Organizations must eliminate bad employee passwords. However, almost half of the EMA survey respondents stated that ensuring users employ strong and uncompromised passwords is a critical or significant challenge even though 48 percent are doing some form of password monitoring.

Enzoic for Active Directory is an automated tool that helps solve the password problem. The solution compares passwords at creation and daily against a robust, real-time database of billions of compromised and bad passwords negating the need for periodic password resets. With the solution, organizations can protect the business by ensuring only strong and uncompromised passwords are used without creating undue frustration for users.

But don’t just take our word for it. Steve Brasen, Research Director at EMA states that “Enzoic for Active Directory ensures passwords continuously meet even the most stringent security and compliance requirements while simplifying management processes.”

Read the report from EMA: Contextual Awareness: Advancing Identity and Access Management to the Next Level of Security Effectiveness

Find out more about how Enzoic can help enterprises shore up their IAM strategy and solve the password problem here.