The sheer number of network, web and application
passwords that employees now have to manage is endangering
companies’ security.
RSA Security’s second annual password management survey polled
more than 1,300 business professionals, and the survey confirmed
that the burden of multiple passwords continues to pose significant
security risks and encourages bad end-user behaviour.
This behaviour endangers companies’ compliance initiatives and
opens them up to security breaches, said RSA.
The survey found that 18% of staff had to manage more than 15
passwords, but that only 5% could easily remember that many.
The poll found that 36% of staff had to manage between six and
15 passwords.
Last year, the survey found that 35% had to manage between six
and 15 passwords and 23% had to deal with more than 15
passwords.
John Worrall, senior vice-president of marketing at RSA
Security, said, “While companies pour huge amounts of time and
money into protecting sensitive information, business passwords
remain one of the weakest links in the security chain.
“This is due in large part to the sheer number of passwords that
end-users are required to manage. Little has changed since 2005 -
end-users are still managing an overwhelming number of passwords
and this is resulting in behaviours which open the door to security
breaches and potential compliance issues,” said Worrall.
RSA’s survey polled respondents with jobs related to corporate
password management on a number of issues related to compliance and
overall IT security.
The survey found that 57% said their company's desire to avoid
end-user frustration prevented the organisation from requiring
frequent password changes and/or strong password policies.
In addition, 26% of respondents knew of a corporate security
breach that had occurred due to a compromised password.
Examples of breaches resulting from compromised passwords
included former employees accessing business accounts using their
own passwords, a terminated employee guessing a former manager's
password to gain remote access, and an employee altering a
co-worker's private human resources information.