"I don't pretend that we are going to move away from passwords overnight, but over three or four years, for corporate systems, this change can and should happen,"
So we are about 2.5 years past that speech by Bill, and 52% of enterprises still require only passwords to access critical data. That's one of the many data points that came up in a recent Aberdeen study that we underwrote regarding strong authentication. Other key findings of the Aberdeen benchmark study include:
- 88% of enterprise users have multiple work-related passwords, averaging between five and six
- 64% of organizations do not even require users to change their passwords
- 45% of organizations allow standard dictionary terms (like “password”)
- 29% of organizations have no requirements for password length
Do you think we have improved much since Bill's RSA keynote speech? I'm not feeling all warm, cozy and secure...