Thursday, December 28, 2006

Interesting password research - Hyperpassworditis still rampant!

Quest Software recently commissioned a study on the use of passwords in London’s financial district. The study consisted of interviews of 200 city workers. The findings were pretty interesting…

City firms are contravening SANS Institute best practice guidelines for passwords.

  • Half of respondents’ passwords are below the recommended eight characters
  • 84% of respondents make up their own passwords (not recommended)
  • About a quarter of respondents use the same password for business/personal systems
  • Nearly 50% of the respondents had passwords that were under 8 characters in length.
  • 31% of respondents have told a co-worker their password
  • 15% of respondents either never change their passwords or change their passwords only once a year or less often.

Some other interesting tidbits...

  • 75% of respondents use multiple passwords for different applications during a typical work week
  • 12% of respondents use 5 or more passwords in a typical work week
  • Only 22% of the workers surveyed had to use more than a password to log on (i.e., a smartcard or other such two-factor device).

Conclusion: End-users are still suffering from hyperpassworditis (i.e., too many passwords to remember); companies still have a long way to go in improving their security and compliance posture; and more education about this topic is still needed!
