RSA Security Research Shows Volume of Business Passwords Overwhelming End Users and Hindering IT Security Efforts

One Quarter of Respondents Report Password-Related Breaches; Most End Users Managing More Passwords than can be Easily Remembered

    BEDFORD, Mass., Sept. 12 /PRNewswire-FirstCall/ -- RSA Security
(Nasdaq: RSAS) today announced results of the company's second annual
password management survey, which polled businesses on issues pertaining to
password management. More than 1,300 business professionals participated in
this global study, which confirmed that the burden of multiple passwords
continues to pose significant security risks, and encourages end-user
behavior that endangers compliance initiatives.
    "While companies pour huge amounts of time and money into protecting
sensitive information, business passwords remain one of the weakest links
in the security chain, in large part due to the sheer number of passwords
that end users are required to manage," said John Worrall, senior vice
president of marketing at RSA Security. "Little has changed since 2005 --
end users are still managing an overwhelming number of passwords, and this
is resulting in behaviors which open the door to security breaches and
potential compliance issues."
    Passwords Impacting Compliance Initiatives and Enabling Security Breaches
    RSA Security's survey polled respondents with jobs related to corporate
password management on a number of issues related to compliance and overall
IT security. Of note, 57 percent say their company's desire to avoid
end-user frustration prevents the organization from requiring frequent
password changes and/or strong password policies. In addition:
    * Passwords in the Era of Compliance:  Most companies surveyed view
      password management as fundamental to compliance.  In fact, 59 percent
      said password management is "extremely important" to compliance.
      Regionally, 66 percent of U.S. participants responded with "extremely
      important," while 48 percent of Europeans answered the same.

    * Passwords and IT Security:  RSA Security's survey revealed that
      organizations are very concerned about the impact of passwords on IT
      security.  Forty-one percent called passwords "extremely concerning;"
      44 percent said "moderately concerning."

    * Passwords and IT Security Breaches:  Twenty-six percent of respondents
      know of a corporate security breach that has occurred due to a
      compromised password.  Those in the Asia-Pacific region were most aware
      (35 percent), while those in the U.S. were the least aware (14
      percent).  Examples of breaches resulting from compromised passwords
      included:

      - Former employees accessing business accounts using their own passwords
      - A terminated employee guessing a former manager's password to gain
        remote access
      - An employee altering a co-worker's private human resources
        information.

    Password Overload Creating Frustration and Security Vulnerabilities
    RSA Security's survey shows end users are overwhelmed by the number of
passwords necessary to access business applications, Web sites and portals.
This, in turn, is leading to risky behaviors:
    * Passwords Required versus Passwords Remembered:  Eighteen percent manage
      more than 15 passwords, but only five percent can easily remember that
      many.  Thirty-six percent manage between six and 15 passwords.
      Responses were similar to 2005, when 35 percent said they manage
      between six and 15 passwords, and 23 percent said more than 15.

    * Continued Frustration with Managing Passwords:  The majority (82
      percent) of end users are frustrated with managing passwords at work.
      Globally, 12 percent find it "extremely frustrating" -- in the U.S., 15
      percent answered in this manner, while only nine percent did so in
      Europe.  Last year, 88 percent reported some degree of frustration.

    Password Policies and End User Behaviors
    RSA Security's survey shows that password policies and end-user
behaviors vary dramatically:
    * Password Change Requirements:  Thirty-nine percent of respondents in the
      Asia-Pacific region and 34 percent in Europe are required to change
      passwords monthly; only 23 percent of U.S. respondents are required to
      change passwords with the same frequency.

    * Strong Password Policies:  Most organizations enforce strong password
      policies, according to survey respondents.  Specifically, 70 percent
      say their company requires passwords between eight and 14 characters,
      using a combination of letters, numbers and symbols.  However, 17
      percent said their company has no password requirements.  In addition,
      48 percent say their company does not allow the re-use of old
      passwords.

    * Unsafe Password Tracking Practices:  Most respondents with jobs related
      to corporate password management know of employees tracking passwords
      in an unsafe manner:

      - Sixty-six percent have seen employees keep paper password records at
        work, but only 13 percent of end users admit doing so (down from 15
        percent last year)
      - Fifty-eight percent are aware of employees keeping electronic password
        records (e.g., in a spreadsheet), though only 24 percent of end users
        say they keep electronic records themselves
      - Fifty percent know of employees tracking passwords in a PDA or
        handheld device
      - Forty percent have seen employees track passwords with Post-It notes
        or other scraps of paper affixed to their computer.

    Passwords' Impact on the IT Help Desk
    RSA Security's survey shows that password-related support requests add
significant workload to the IT help desk. One-fifth of respondents say that
password-related calls constitute 26-50 percent of help desk requests;
one-third say that 11-25 percent of help desk calls are
password-related. Generally, larger companies are more burdened by
password-related help desk calls than smaller organizations.
    Easing the Password Management Burden
    RSA Security's survey also asked respondents whether it would be
helpful to have a "master password," replacing all other passwords at work.
Fifty-six percent of those surveyed said a master password would be
"extremely helpful." However, the vast majority -- 81 percent -- also
believes that it would be "extremely important" to provide an added layer
of protection for a master password. This is a significant increase from
2005, when 55 percent of respondents said an added layer of protection
would be "very important."
    Survey Description and Methodology
    The RSA Security password management survey was conducted online
between August 21 and August 25, 2006. The study polled 1,343 participants
from North America, Europe, Latin America and the Asia-Pacific region.
    Additional survey results and further details may be found online at
http://www.rsasecurity.com/passwords.
    About RSA Security Inc.
    RSA Security Inc. is the expert in protecting online identities and
digital assets. The inventor of core security technologies for the
Internet, the Company leads the way in strong authentication, encryption
and anti-fraud protection, bringing trust to millions of user identities
and the transactions that they perform. RSA Security's portfolio of
award-winning identity & access management solutions helps businesses to
establish who's who online -- and what they can do.
    With a strong reputation built on a 20-year history of ingenuity,
leadership and proven technologies, we serve more than 21,000 customers --
including financial institutions representing hundreds of millions of
consumers around the globe -- and interoperate with over 1,000 technology
and integration partners. For more information, please visit
http://www.rsasecurity.com
    RSA and RSA Security are either registered trademarks or trademarks of RSA
Security Inc. in the United States and/or other countries.  All other products
and services mentioned are either registered trademarks or trademarks of their
respective companies.

    For more information:
    Sandra Heikkinen                              Dave Howell
    OutCast Communications                        RSA Security Inc.
    (415) 345-4703                                (781) 515-6303
    rsa@outcastpr.com                             dhowell@rsasecurity.com


SOURCE RSA Security Inc.



