Although breaches from hacked privileged accounts have resulted in data theft leading to high mitigation costs, as well as bad publicity and tarnished brands, 18 percent of IT security pros still keep track of those passwords in a paper log book. That’s no joke.
An overwhelming majority -- 80 percent -- of the 913 IT security pros surveyed by One Identity said they face challenges managing privileged passwords. In addition to those old-school IT pros using paper logs, another 36 percent manage passwords in Excel or another spreadsheet.
The One Identity survey was not a good report card for IT security professionals overall. Twenty-one percent of respondents said they can’t monitor or record activity performed with administrator credentials, and 32 percent said they aren’t always able to identify individuals who perform admin activities. Further, 40 percent of those surveyed admit they don't change default admin passwords, and a whopping 86 percent don't regularly change the passwords on their admin accounts. Additionally, many of those passwords aren't private -- on average, an employee shares four passwords with others.
Multi-factor authentication -- whereby access is granted once several separate pieces of evidence are presented to an authentication mechanism -- is slowly growing in acceptance. But MFA is just not being implemented widely: Another researcher, DuoLabs, found that only 26.5 percent of businesses have enabled multi-factor authentication to protect their password vaults.