More Than Half Of Organizations Access Data With Password Only
Sep 9, 2008 4:13 PM
A recent study shows that 52 percent of organizations require only passwords for employees to access critical data, rather than augmenting passwords with stronger forms of authentication such as hardware tokens, digital certificates or risk-based scoring. Nearly 150 organizations from a diverse set of global industries were polled for the Aberdeen Group benchmark study, "Strong User Authentication, which Quest Software Inc. underwrote.
Other key findings of the Aberdeen benchmark study include:
-- 88 percent of enterprise users have multiple work-related passwords, averaging between five and six.
-- 64 percent of organizations do not even require users to change their passwords.
-- 45 percent of organizations allow standard dictionary terms (like "password").
-- 29 percent of organizations have no requirements for password length.
"With the recent, well-publicized incidents of network and identity theft, companies need to put security first and require more than just passwords for user authentication," says Jackson Shaw, senior director, product management, Quest Software. "Helping our customers increase security and mitigate the risk associated with compromised confidential information has become a top priority at Quest."
Forty percent of those surveyed stated that risk from external users was the leading driver for current investments in strong user authentication, as opposed to risk from internal users, the leading driver for only 16 percent. This is a result of requiring organizations to provide more end users with expanded access - including remote employees, contractors, partners and customers. This expanded access can dramatically increase security breaches from external sources if stronger forms of authentication are not in place.
"Four-fifths of companies with top performance in the study have deployed one or more stronger, non-password methods of user authentication," says Derek Brink, vice president and research fellow for IT Security, Aberdeen Group. "In doing so they have also reduced the number of security-related incidents, improved their success with audit and compliance, and reduced the number of help desk calls and total management costs related to user authentication."
Want to use this article? Click here for options!
© 2012 Penton Media Inc.
Today's New Product
|
Privaris Biometric Verification SoftwareIn support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization. |
advertisement
This month in Access Control
- Targeting The Customer
- Electronic Pedigrees
- One Hero Among Many
- Who? What? When? Where? Why?
- More from September's issue
Latest Jobs
advertisement