Mulitple passwords an increasing security risk

RSA survey says business passwords are being wriiten down

Research byvendor RSA Security shows that volumes of business passwords are overwhelming end users and hindering IT security efforts.

The company's second annual password management survey, which polled
1,300 business professionals found that 57 per cent of those with jobs related to corporate password management say their company's desire to avoid end-user frustration prevents the organisation from requiring frequent password changes and/or strong password policies.

Some 26 per cent of respondents know of a corporate security breach that has occurred due to a compromised password.

And 18 per cent say they manage more than 15 passwords, but only five per cent can easily remember that many while 36 per cent manage between six and 15 passwords.

Tim Pickard, strategic marketing director, RSA Security, says managing this many passwords can lead to lesser security.

'People use the same passwords or derivatives of the same passwords, use family names,' he said. 'These are all coping mechanisms which lessen security.'

Eighty two per cent of end users are frustrated with managing passwords at work.

Specifically, 70 per cent say their company requires passwords between eight and 14 characters, using a combination of letters, numbers and symbols. However, 17 per cent said their company has no password requirements.

Sixty-six per cent have seen employees keep paper password records at work, but only 13 per cent of end users admit doing so. Forty per cent have seen employees track passwords with Post-It notes or other scraps of paper affixed to their computer.

'The frequency that you change a password and then strength of the password are both going to be burdens on the helpdesk. If you have a large number of strong passwords it becomes a serious problem,' said Pickard.

What do you think? Email us at: [email protected]