Security researchers have long pointed to effective password and access management as keys to protecting IT systems and networks, but a surprising number of organizations struggle with the fundamentals of IT security.