RSA Security Research Shows Volume of Business Passwords Overwhelming End Users and Hindering IT Security Efforts
September 12 2006 - 9:30AM
PR Newswire (US)
One Quarter of Respondents Report Password-Related Breaches; Most
End Users Managing More Passwords than can be Easily Remembered
BEDFORD, Mass., Sept. 12 /PRNewswire-FirstCall/ -- RSA Security
(NASDAQ:RSAS) today announced results of the company's second
annual password management survey, which polled businesses on
issues pertaining to password management. More than 1,300 business
professionals participated in this global study, which confirmed
that the burden of multiple passwords continues to pose significant
security risks, and encourages end-user behavior that endangers
compliance initiatives. "While companies pour huge amounts of time
and money into protecting sensitive information, business passwords
remain one of the weakest links in the security chain, in large
part due to the sheer number of passwords that end users are
required to manage," said John Worrall, senior vice president of
marketing at RSA Security. "Little has changed since 2005 -- end
users are still managing an overwhelming number of passwords, and
this is resulting in behaviors which open the door to security
breaches and potential compliance issues." Passwords Impacting
Compliance Initiatives and Enabling Security Breaches RSA
Security's survey polled respondents with jobs related to corporate
password management on a number of issues related to compliance and
overall IT security. Of note, 57 percent say their company's desire
to avoid end-user frustration prevents the organization from
requiring frequent password changes and/or strong password
policies. In addition: * Passwords in the Era of Compliance: Most
companies surveyed view password management as fundamental to
compliance. In fact, 59 percent said password management is
"extremely important" to compliance. Regionally, 66 percent of U.S.
participants responded with "extremely important," while 48 percent
of Europeans answered the same. * Passwords and IT Security: RSA
Security's survey revealed that organizations are very concerned
about the impact of passwords on IT security. Forty-one percent
called passwords "extremely concerning;" 44 percent said
"moderately concerning." * Passwords and IT Security Breaches:
Twenty-six percent of respondents know of a corporate security
breach that has occurred due to a compromised password. Those in
the Asia-Pacific region were most aware (35 percent), while those
in the U.S. were the least aware (14 percent). Examples of breaches
resulting from compromised passwords included: - Former employees
accessing business accounts using their own passwords - A
terminated employee guessing a former manager's password to gain
remote access - An employee altering a co-worker's private human
resources information. Password Overload Creating Frustration and
Security Vulnerabilities RSA Security's survey shows end users are
overwhelmed by the number of passwords necessary to access business
applications, Web sites and portals. This, in turn, is leading to
risky behaviors: * Passwords Required versus Passwords Remembered:
Eighteen percent manage more than 15 passwords, but only five
percent can easily remember that many. Thirty-six percent manage
between six and 15 passwords. Responses were similar to 2005, when
35 percent said they manage between six and 15 passwords, and 23
percent said more than 15. * Continued Frustration with Managing
Passwords: The majority (82 percent) of end users are frustrated
with managing passwords at work. Globally, 12 percent find it
"extremely frustrating" -- in the U.S., 15 percent answered in this
manner, while only nine percent did so in Europe. Last year, 88
percent reported some degree of frustration. Password Policies and
End User Behaviors RSA Security's survey shows that password
policies and end-user behaviors vary dramatically: * Password
Change Requirements: Thirty-nine percent of respondents in the
Asia-Pacific region and 34 percent in Europe are required to change
passwords monthly; only 23 percent of U.S. respondents are required
to change passwords with the same frequency. * Strong Password
Policies: Most organizations enforce strong password policies,
according to survey respondents. Specifically, 70 percent say their
company requires passwords between eight and 14 characters, using a
combination of letters, numbers and symbols. However, 17 percent
said their company has no password requirements. In addition, 48
percent say their company does not allow the re-use of old
passwords. * Unsafe Password Tracking Practices: Most respondents
with jobs related to corporate password management know of
employees tracking passwords in an unsafe manner: - Sixty-six
percent have seen employees keep paper password records at work,
but only 13 percent of end users admit doing so (down from 15
percent last year) - Fifty-eight percent are aware of employees
keeping electronic password records (e.g., in a spreadsheet),
though only 24 percent of end users say they keep electronic
records themselves - Fifty percent know of employees tracking
passwords in a PDA or handheld device - Forty percent have seen
employees track passwords with Post-It notes or other scraps of
paper affixed to their computer. Passwords' Impact on the IT Help
Desk RSA Security's survey shows that password-related support
requests add significant workload to the IT help desk. One-fifth of
respondents say that password-related calls constitute 26-50
percent of help desk requests; one-third says that between 11-25
percent of help desk calls are password-related. Generally, larger
companies are more burdened by password-related help desk calls
than smaller organizations. Easing the Password Management Burden
RSA Security's survey also asked respondents whether it would be
helpful to have a "master password," replacing all other passwords
at work. Fifty-six percent of those surveyed said a master password
would be "extremely helpful." However, the vast majority -- 81
percent -- also believes that it would be "extremely important" to
provide an added layer of protection for a master password. This is
a significant increase from 2005, when 55 percent of respondents
said an added layer of protection would be "very important." Survey
Description and Methodology The RSA Security password management
survey was conducted online between August 21 and August 25, 2006.
The study polled 1,343 participants from North America, Europe,
Latin America and the Asia-Pacific region. Additional survey
results and further details may be found online at
http://www.rsasecurity.com/passwords. About RSA Security Inc. RSA
Security Inc. is the expert in protecting online identities and
digital assets. The inventor of core security technologies for the
Internet, the Company leads the way in strong authentication,
encryption and anti-fraud protection, bringing trust to millions of
user identities and the transactions that they perform. RSA
Security's portfolio of award-winning identity & access
management solutions helps businesses to establish who's who online
-- and what they can do. With a strong reputation built on a
20-year history of ingenuity, leadership and proven technologies,
we serve more than 21,000 customers -- including financial
institutions representing hundreds of millions of consumers around
the globe -- and interoperate with over 1,000 technology and
integration partners. For more information, please visit
http://www.rsasecurity.com/ RSA and RSA Security are either
registered trademarks or trademarks of RSA Security Inc. in the
United States and/or other countries. All other products and
services mentioned are either registered trademarks or trademarks
of their respective companies. For more information: Sandra
Heikkinen Dave Howell OutCast Communications RSA Security Inc.
(415) 345-4703 (781) 515-6303 DATASOURCE: RSA Security Inc.
CONTACT: Dave Howell of RSA Security Inc., +1-781-515-6303, ; or
Sandra Heikkinen of OutCast Communications, +1-415-345-4703, Web
site: http://www.rsasecurity.com/
Copyright
Rsa Security (NASDAQ:RSAS)
Historical Stock Chart
From Nov 2024 to Dec 2024
Rsa Security (NASDAQ:RSAS)
Historical Stock Chart
From Dec 2023 to Dec 2024