Two-thirds of firms have insufficient password security

More than two-thirds of organisations are using insecure methods to store administrative and user passwords, research shows.

Some 19 per cent of IT professionals admit that IT staff and other company employees store computer passwords on post-it notes, according to the survey from information security firm Cyber-Ark.

Twenty-six per cent of firms have insufficient security in place to stop unauthorised members in the IT department from accessing administrative passwords that guard critical business systems, the research shows.

'Many large organisations around the world are storing administrative passwords, which are the key to business systems, on pieces of paper or in filing cabinets,' said Udi Mokady, chief operating officer of Cyber-Ark.

'This is worrying. A business can't with confidence say that it knows who is able to alter key information unless they have proper administrative password controls.'

Some 14 per cent of organisations still store administrative passwords in poorly secured excel files, 10 per cent never change passwords and five per cent never alter the manufacturer's default passwords.

Analyst firm Ovum says poor password management can add extra IT expenses in other areas.

'Some 30 to 40 per cent of help desk requests come from users who have forgotten or lost their password details,' Graham Titterington, principal analyst at Ovum told Computing.

Businesses need to develop a holistic password management strategy, focusing on educating employees, updating passwords and centrally storing them using a directory, says Titterington.

'You might even question the validity of passwords in the future,' said Titterington. 'Two factor authentication is going to become a lot more common, especially in information sensitive departments.'

What do you think? Email feedback@computing.co.uk

If you want to be first with the news, visit Computing every day.