News

Businesses pay price for password frustration

Tash Shifrin

The failure of employees to cope with the proliferation of passwords they need at work is adding to business costs and undermining IT security, research has revealed.

A survey of 1,700 end-users in major US businesses – more than half of them IT professionals – showed that 28% had to manage more than 13 passwords at work and were struggling to cope. Another 30% were trying to keep track of between six and 12 passwords.

The burden of resetting passwords is increasing IT helpdesk workloads, with 82% of respondents saying they had to ask helpdesk staff to intervene when passwords were lost or forgotten, the survey by internet security firm RSA Security found.

The extra IT workload and lost staff productivity time added to business costs.

The survey also revealed that staff were resorting to insecure and risky methods to keep track of passwords. A quarter recorded their access codes in a document on their PC, another 22% listed the passwords on PDAs or handheld devices, and 15% wrote it down on a piece of paper which they kept in their workspace or office.

Sheila Doherty, product marketing manager at RSA Security, said the increasing requirement for passwords was partly driven by corporate governance requirements.

“In general we haven’t seen companies quantifying helpdesk costs to a great extent," she said. "But a lot of analysts recall up to 50% of calls are for password resets. Each call to the helpdesk costs between $25 and $50 [£14-£28]. I think there’s not a real awareness of how big this is for companies.”

Doherty warned there was a security threat from staff recording their passwords on their PCs.

“That’s certainly creating some security loopholes where hackers can get on and secure databases can be compromised,” she said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy