CIO Influence

New Report Reveals Persistent Enterprise Reliance on Passwords, Reinforcing Need for Stronger Identity Access Management (IAM) Strategies


Bitwarden, the trusted leader in password, passkey, and secrets management, today announced findings from a report commissioned with 451 Research, a part of S&P Global Market Intelligence, titled Risk Reduction and Resilience Starts with Enterprise Password Management. The report examines enterprise identity and access management (IAM) challenges and highlights the importance of strong password management as a fundamental security measure.


Weak passwords remain a security risk

Enterprises continue to grant employees, contractors, and third parties access to a growing number of systems and datasets. Despite increased adoption of multifactor authentication (MFA), 65% of enterprises still rely solely on passwords to access corporate systems. Even as passwordless authentication gains traction, 37% of applications still support only password-based logins, reinforcing the need for secure password management.

While technology vendors promote passwordless authentication, adoption remains slow. Only 21% of enterprises have implemented FIDO2 passwordless authentication, underscoring the ongoing reliance on traditional credentials.

Regulatory frameworks such as SOC 2, HIPAA, and PCI-DSS emphasize IAM controls, yet businesses struggle to balance security, compliance, and usability. Without strong password management, enterprises face greater exposure to insider threats and external attacks.

MFA adoption grows, but strong passwords remain essential

While enterprises recognize the importance of MFA, passwords remain a foundational element of authentication strategies. 55% identify strong MFA as the most effective defense against ransomware and malware, yet many still rely on passwords as the primary authentication factor.

Even with MFA adoption on the rise, enterprises continue to use varied authentication methods: 42% rely on SMS-based two-factor authentication (2FA), 32% deploy authenticator apps, and 25% use biometrics. Many users still default to passwords alone, emphasizing the need for secure password habits.

Recent breaches, including the 2024 attack on UnitedHealth’s Change Healthcare, which resulted in $786 million in damages, highlight the need for MFA on critical systems.


Simplified IAM strategies improve compliance and business resilience

Enterprises increasingly recognize strong MFA as a cornerstone of identity security, with 39% citing it as their primary zero-trust tactic, compared to 11% relying on network segmentation.

The shift to bring your own device (BYOD) has heightened security risks: employees access corporate resources from personal devices, which requires zero-trust security models that authenticate every user and device before granting access.

Despite increased investment in authentication, many enterprises still struggle with fragmented IAM strategies and inconsistent policy enforcement, leaving them vulnerable to credential-based attacks and lateral movement threats. Password management plays a key role in reducing IT overhead, minimizing password reset requests, and enforcing authentication best practices.

Password management remains the top IAM challenge for enterprises, with 35% citing it as their biggest pain point, followed by privileged access management (30%), password reuse (25%), compliance audits (25%), and terminating access for employees who leave (23%).

A back-to-basics approach is critical, embedding password management, MFA, and zero-trust principles into daily operations. Organizations that align IAM solutions with user behavior are best positioned to enhance resilience, mitigate risks, and ensure long-term security success.

