Balbix Releases State of Password Use Report 2020

Press Release —

Report Reveals 99% of Enterprise Users Reuse Passwords Across Nearly 3 Accounts

SAN JOSE, Calif–(BUSINESS WIRE)–Balbix Inc., provider of the industry’s first system for cybersecurity posture transformation, today released its State of Password Use Report 2020. The Balbix Security Analytics Team set out to determine the leading behaviors of password use in the enterprise as well as the key trends of breaches caused by compromised credentials. The findings of the report unveil that very few users take appropriate action to significantly reduce the risk of password compromise.

The study found that more than 99% of users reuse passwords, either across work accounts, or between work and personal accounts. Password reuse is widely prevalent due to the desire for convenience and speed when navigating various accounts. Balbix’s report also discovered that on average, every single user password is shared across 2.7 accounts. What’s more, the average user has more than 8 passwords shared between accounts, with 7.5 passwords shared between work and personal accounts and 0.8 passwords shared between internal and SaaS accounts.

“The rapid shift to remote work as a result of COVID-19 has simultaneously shifted the balance of control away from IT and towards employees,” said Abe Smith, cybersecurity veteran with decades of information security leadership roles in the Bay Area. “Even well-intentioned users won’t have identity best practices, such as multifactor authentication and avoiding password reuse, in mind when adopting new tools. Security teams must find ways to automate identification of password risks.”

Breaches caused by compromised credentials are not the result of a small minority of users with poor password hygiene – they are the result of a widespread issue. The report determined the key password related issues most responsible for the overall breach risk to the enterprise. They are listed in order of greatest risk below:

  • Weak and default system passwords on domain controllers and other infrastructure components and services
  • Cached credentials for logging into mission critical systems
  • Privileged user machines with a high likelihood of breach logging into core servers
  • Password reuse between work and personal accounts

Considering different aspects of security, organizations have the least control over passwords. Users desire a high level of convenience, and while this is a common human behavior, organizations still must prioritize the issue of poor password hygiene to remediate associated risk.

“Compromised, weak and reused passwords still account for the majority of hacking-related data breaches and are one of the top risk issues for most enterprises” said Gaurav Banga, CEO and founder of Balbix. “In order to transform cyber security posture and increase overall resilience, enterprises must systematically address the weaknesses in their password strategies, adopting proven technologies such as multifactor authentication and password managers.”


Findings of this report were collected in early 2020 by randomly sampling data from more than 10,000 Balbix users, across dozens of enterprise accounts representing every major industry. This data was continuously collected by sensors, connectors, and collectors deployed across the enterprise network to discover, inventory, and monitor devices, apps, and users across 100+ attack vectors.

This data was fed into the cloud-based Balbix Brain, where risk likelihood and impact was calculated for every asset and attack vector, providing a prioritized view of the highest risk issues across the enterprise.

To learn more about the current state of password security and associated risk for the enterprise, download the full report here:

About Balbix

Balbix is the world’s first cybersecurity platform to leverage specialized AI to provide real-time visibility into an organization’s breach risk. The Balbix system predicts where and how breaches are likely to happen, prescribes prioritized mitigating actions, and enables workflows to address the underlying security issues. By using Balbix, CISOs and CIOs can transform their organization’s cybersecurity posture, reducing cyber risk by 95% or more, while making security teams 10 times more efficient. Balbix counts many global 1000 companies among its rapidly growing customer base and was named a “Cool Vendor” by Gartner in 2018. For more information, visit our website and blog, follow us on Twitter and LinkedIn