One-third of corporate employees violate password policies

Oct 24, 2006 2:46 PM



Passwords are largely ineffective at protecting corporate data due to common human error, a study by Nucleus Research and KnowledgeStorm finds. More than a third of employees write down or electronically record their passwords, creating significant vulnerabilities.
Even worse, lowering the quantity of passwords, changing password complexity, or altering password change frequency had no impact on employee actions.
Companies that spend time and money creating password security strategies are largely wasting their time, because one in three employees are writing down passwords regardless of password policies, says David O'Connell, senior analyst at Nucleus Research.
Companies looking to ensure security should look beyond passwords to other authentication strategies. The study surveyed 325 enterprise users and found that more than one third wrote down their password, despite the clear security risk it poses. Of those who keep a record of their password, two-thirds store it in a text file on either a PC or mobile device, creating new vulnerabilities for fraudulent access to data.

The study finds the same percentage of users write down or store their password regardless of the type of security system in place: restrictive, average or lenient.

Many companies try to improve password security by adding complexity, such as requiring both numbers and letters or even special characters in each password, by increasing the frequency with which passwords are changed, or by requiring a greater number of passwords to enable access. As long as users write down or store their password, none of these efforts adds any protection.

In fact, single sign-on is just as effective as more complex schemes, according to the study. Even user education on the importance of protecting a password does little to reduce the number of people who keep a written or electronic record of the password.

Companies may want to review biometrics, cognitive biometrics and other authentication technologies to improve their overall security, the report concludes.

© 2008 Penton Media Inc.
