Thursday, 29 September 2005 10:00

Multiple passwords creating security risks


A new survey indicates that having to maintain multiple passwords at work has the potential to compromise the security of organisations due to user frustration.

The survey, from IT security consultant RSA Security, of almost 1700 enterprise technology end users in the US showed that over a quarter of respondents must manage more than 13 passwords at work, and that nine out of ten respondents are frustrated with the password management challenge. This frustration is leading to behaviours that could jeopardise IT security, as well as compliance initiatives.

'Compliance initiatives have led companies to enforce and strengthen password policies, which has resulted in additional burdens for the end user - such as requiring that employees change passwords more frequently, or leverage very difficult to remember passwords,' said Andrew Braunberg, senior analyst at research group Current Analysis. 'Paradoxically, password policies that are not user-friendly spur risky behaviour that can undermine security. These policies also raise IT help desk costs as companies allocate more resources to password resets.'

The results of the RSA Security survey reveal that employees are managing an incredibly large number of passwords at work. 28% of respondents must keep track of more than 13 passwords; 30% of respondents manage between 6 and 12 passwords. Managing so many passwords is leading to greater end user frustration - the vast majority of those surveyed (88%) reported frustration with the password management process.

RSA Security's survey findings indicate that while end users may attempt to memorise passwords, employees continue to resort to other, less secure means of tracking multiple passwords. The most common risky password management behaviours include:

· Maintaining a spreadsheet or other document stored on the PC (25%)
· Recording a list of passwords on a PDA or other handheld device (22%)
· Keeping a paper record of passwords in an office/workspace (15%)

Research from the Burton Group reports that each call to the IT help desk may cost between US$25 and US$50. Despite this, the RSA Security survey showed that the bulk of password reset responsibilities continue to lie in the hands of IT help desk staff, with 82% of respondents indicating that IT help desk staff must intervene when passwords are lost or forgotten. 

The survey also showed the potential for lost productivity when employees rely on the IT help desk to manage a lost or forgotten password. 20% of respondents said it takes the IT help desk staff between 6 and 15 minutes to address a lost or forgotten password problem; 17% said it takes longer than 16 minutes.

Respondents were queried on the impact of leveraging a 'master password' that could be used to gain access to all other passwords. The overwhelming majority of respondents - 98% - believe that it would be important to add a layer of protection if they were provided with one master password at work - essentially, protecting the 'keys to the kingdom'. Tellingly, 55% of respondents rated an added layer of security as 'very important.'

The RSA Security password management survey was conducted online between August 31 and September 19, 2005. There were 1685 US respondents - including CIOs/CSOs, and IT directors, managers and administrators - who took part in the online survey.


Stan Beer

Stan Beer has been involved with the IT industry for 39 years and has worked as a senior journalist and editor at most of the major media publications, including The Australian, Australian Financial Review, The Age, SMH, BRW, and a number of IT trade journals. He co-founded iTWire in 2004, where he was editor in chief until 2016. Today, Stan consults with iTWire News Site /Website administration, advertising scheduling, news editorial posts. In 2016 Stan was presented with a Kester Lifetime Achievement Award for his contribution to Australian IT journalism.
