Thursday, September 04, 2008

Death of passwords? Not quite yet!

On Valentine's Day 2006 Bill Gates talked about the need to move away from passwords:

"I don't pretend that we are going to move away from passwords overnight, but over three or four years, for corporate systems, this change can and should happen."

So we are now about 2.5 years past that speech by Bill, and 52% of enterprises still require only passwords to access critical data. That's one of the many data points that came up in a recent Aberdeen study on strong authentication that we underwrote. Other key findings of the Aberdeen benchmark study include:

  • 88% of enterprise users have multiple work-related passwords, averaging between five and six
  • 64% of organizations do not even require users to change their passwords
  • 45% of organizations allow standard dictionary terms (like “password”)
  • 29% of organizations have no requirements for password length

I wish I had a comparable study from a few years ago so I could answer questions like: have we improved our security around passwords and strong authentication, and if so, how?

Do you think we have improved much since Bill's RSA keynote speech? I'm not feeling all warm, cozy and secure...
