LastPass is an online service that manages your passwords so that you can use a different password for each account you need on the internet. The parent company of LastPass, LogMeIn, has published Global Password Security Report that analyses the state of global computer security from password management point of view. The key findings of the 2019 report are that businesses are swiftly moving to multi factor authentication, and passwords are still reused way too frequently.
Lastpass analyzed the security behavior of 47 000 organizations of all sizes in all industry sectors across the world for the report.
- 57% of businesses are applying multifactor authentication to services their employees access. (It would be interesting to know what percentage of individual users have installed multi-factor or two-factor, also known as 2FA, authentication for personal services. It is likely to be far lower percentage. It takes an effort to do as this guide to two-factor authentication proves).
- In some industries, like media and advertising, a password was reused on average 22 times. Other industries had a lower score, with global average of 13 times for an employee to reuse a password.
- EU privacy regulation known as GDPR has been in effect since 2018, and results are indicating that the laws may have had an impact on organizations’ security measures. EU countries, such as Denmark, Netherlands and Germany had the biggest increase in the deployment of multifactor authentication.
- Large corporations and organizations with more than 10000 employees achieved the highest overall security score in the report. Large organizatrions have a lot to lose if criminals hack into their computer systems and they also have the resources to invest in security tools and training.
- European countries, North America, Australia and New Zealand top the country ranking for organizations’ security behavior.
- Of all studied countries, The Netherlands was ranked as the leader in security, with high adoption of multifactor authentication and top Security Score.
- Ability to access passwords on mobile devices significantly improves multifactor usage, along with employee adoption of password management.
- Increased regulation is a key factor for password security awareness, especially in EMEA and APAC regions.
Outside the scope of the report it is worth noticing that there are two types of password managers: services that save passwords in the cloud, and applications that save passwords locally on a device.
LastPass is a service that encrypts and saves all passwords in its databases. The advantage of a system like this is that passwords can be accessed on any device without sync problems. The disadvantage is that the service must be reliable and bullet-proof so that precious passwords can be trusted in its databases.
An example of a password manager that saves all data on a local device is Password Safe. Only if someone steals or borrows your device, he or she may try to crack the database. If you want to have the same password database in multiple devices, you have to establish a sync mechanism for the devices to update the database.