End Users Suffering from Password Overload Rely Upon Risky Password Management
Behaviors; Password Reset Calls Driving Up IT Help Desk Costs
BEDFORD, Mass., Sept. 27 /PRNewswire-FirstCall/ -- RSA Security Inc.
(Nasdaq: RSAS) today announced survey results that show the challenges end
users face in managing passwords inside the enterprise, and the potential
corporate IT security risks that result. The survey of almost 1700 enterprise
technology end users in the United States showed that over a quarter of
respondents must manage more than 13 passwords at work, and that nine out of
ten respondents are frustrated with the password management challenge. This
frustration is leading to behaviors that could jeopardize IT security, as well
as compliance initiatives.
"Compliance initiatives have led companies to enforce and strengthen
password policies, which has resulted in additional burdens for the end user
-- such as requiring that employees change passwords more frequently, or
leverage very difficult to remember passwords," said Andrew Braunberg, senior
analyst at Current Analysis. "Paradoxically, password policies that are not
user-friendly spur risky behavior that can undermine security. These policies
also raise IT help desk costs as companies allocate more resources to password
resets."
Plethora of Passwords Creates Frustration
The results of the RSA Security survey reveal that employees are managing
an incredibly large number of passwords at work. Twenty-eight percent of
respondents must keep track of more than 13 passwords; 30 percent of
respondents manage between 6-12 passwords. Managing so many passwords is
leading to greater end user frustration: the vast majority of those surveyed
(88 percent) reported frustration with the password management process.
Password Overload Driving Risky IT Security Behaviors
RSA Security's survey findings indicate that while end users may attempt
to memorize passwords, employees continue to resort to other, less secure
means of tracking multiple passwords. The most common risky password
management behaviors include:
-- Maintaining a spreadsheet or other document stored on the PC (25
percent)
-- Recording a list of passwords on a PDA or other handheld device (22
percent)
-- Keeping a paper record of passwords in an office/workspace (15 percent)
The Password Burden on the IT Help Desk
Research from the Burton Group reports that each call to the IT help desk
may cost between $25 and $50. Despite this, the RSA Security survey showed
that the bulk of password reset responsibilities continue to lie in the hands
of IT help desk staff, with 82 percent of respondents indicating that IT help
desk staff must intervene when passwords are lost or forgotten.
The survey also showed the potential for lost productivity when employees
rely on the IT help desk to manage a lost or forgotten password. Twenty
percent of respondents said it takes the IT help desk staff between 6 and 15
minutes to address a lost or forgotten password problem; 17 percent said it
takes longer than 16 minutes.
Protecting the "Keys to the Kingdom"
Respondents were queried on the impact of leveraging a "master password,"
which could be used to gain access to all other passwords. The overwhelming
majority of respondents -- 98 percent -- believe that it would be important to
add a layer of protection if they were provided with one master password at
work - essentially, protecting the "keys to the kingdom." Tellingly, 55
percent of respondents rated adding an added layer of security as "very
important."
Survey Description and Methodology
The RSA Security password management survey was conducted online between
August 31 and September 19, 2005. 1685 respondents, including CIOs/CSOs, and
IT directors, managers and administrators took part in the online survey. The
survey polled individuals located in the United States.
***Note to media: A report with additional survey results can be obtained
by sending a note to dhowell@rsasecurity.com.
About RSA Security Inc.
RSA Security Inc. is the expert in protecting online identities and
digital assets. The inventor of core security technologies for the Internet,
the company leads the way in strong authentication and encryption, bringing
trust to millions of user identities and the transactions that they perform.
RSA Security's portfolio of award-winning identity & access management
solutions helps businesses to establish who's who online - and what they can
do.
With a strong reputation built on a 20-year history of ingenuity,
leadership and proven technologies, we serve more than 18,000 customers around
the globe and interoperate with more than 1,000 technology and integration
partners. For more information, please visit http://www.rsasecurity.com.
RSA Security is a registered trademarks or trademarks of RSA Security Inc.
in the United States and/or other countries. All other products and services
mentioned are trademarks of their respective companies.
For more information:
Erica Pereira Dave Howell
OutCast Communications RSA Security Inc.
(415) 392-4728 (781) 515-6303
erica@outcastpr.com dhowell@rsasecurity.com
SOURCE RSA Security Inc.
 back to top
Related links:
http://www.rsasecurity.com
CONTACT:
Erica Pereira of OutCast Communications,
+1-415-392-4728, erica@outcastpr.com; or Dave Howell of RSA
Security Inc., +1-781-515-6303 dhowell@rsasecurity.com
|
