Feeds

Password overload plagues US.biz

Under pressure

Internet Security Threat Report 2014

Managing multiple passwords is driving end-users up the wall and leading to rising help desk costs due to frequent password reset calls.

A recent survey of almost 1,700 enterprise technology end-users in the US commissioned by RSA Security showed that over a quarter of respondents must manage more than 13 passwords (28 per cent) at work while 30 per cent juggle between six to 12 passwords. The vast majority (88 per cent) of those quizzed expressed frustration over managing multiple passwords. This frustration is leading to behaviours that could jeopardise IT security, as well as compliance initiatives.

As a leading supplier of two factor authentication products and other software designed to address password management problems, RSA Security is hardly a disinterested party here but that doesn't mean it's necessarily wrong in pointing to signs of mounting password overload. RSA's online survey found that while many end-users may attempt to memorise passwords, employees continue to resort to other, less secure means of tracking multiple passwords. The most common risky password management behaviours include: maintaining a spreadsheet or other document containing passwords on a PC (25 per cent); recording a list of passwords on a PDA or other handheld device (22 per cent) and keeping a paper record of passwords in an office (15 per cent).

The Post-It note containing sensitive corporate passwords left in plain view is alive and well in the offices of America, it would seem.

RSA's survey also showed the potential for lost productivity when employees rely on the IT help desk to manage a lost or forgotten password. One in five respondents (20 per cent) said it takes the IT help desk staff between six and 15 minutes to address a lost or forgotten password problem; 17 per cent said it takes longer than 16 minutes. Separate research from the Burton Group reports that IT help desk calls cost somewhere between $25 and $50 each.

The situation is bad enough already but compliance initiatives, which encourage firms to enforce and strengthen password policies, could make matters worse by requiring workers to change passwords more frequently, or use passwords that are very difficult to remember.

Andrew Braunberg, senior analyst at Current Analysis, said: "Paradoxically, password policies that are not user-friendly spur risky behaviour that can undermine security. These policies also raise IT help desk costs as companies allocate more resources to password resets." ®

Beginner's guide to SSL certificates

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.