Password overload causes security breaches and non-compliance

The sheer number of network, web and application passwords that employees now have to manage is endangering companies’ security.

RSA Security’s second annual password management survey polled more than 1,300 business professionals, and the survey confirmed that the burden of multiple passwords continues to pose significant security risks and encourages bad end-user behaviour.

This behaviour endangers company compliance initiatives and opens companies up to security breaches, said RSA.

The survey found that 18% of staff had to manage more than 15 passwords, but that only 5% can easily remember that many. 

The poll found that 36% of staff had to manage between six and 15 passwords. 

Last year, the survey found that 35% had to manage between six and 15 passwords and 23% had to deal with more than 15 passwords.

John Worrall, senior vice-president of marketing at RSA Security, said, “While companies pour huge amounts of time and money into protecting sensitive information, business passwords remain one of the weakest links in the security chain.

“This is due in large part to the sheer number of passwords that end-users are required to manage. Little has changed since 2005 - end-users are still managing an overwhelming number of passwords and this is resulting in behaviours which open the door to security breaches and potential compliance issues,” said Worrall.

RSA’s survey polled respondents with jobs related to corporate password management on a number of issues related to compliance and overall IT security. 

The survey found that 57% said their company's desire to avoid end-user frustration prevented the organisation from requiring frequent password changes and/or strong password policies. 

In addition, 26% of respondents knew of a corporate security breach that has occurred due to a compromised password. 

Examples of breaches resulting from compromised passwords included former employees accessing business accounts using their own passwords, a terminated employee guessing a former manager's password to gain remote access, and an employee altering a co-worker's private human resources information.
