BEDFORD, Mass., Sept. 12 /PRNewswire-FirstCall/ -- RSA Security (Nasdaq: RSAS) today announced results of the company's second annual password management survey, which polled businesses on issues pertaining to password management. More than 1,300 business professionals participated in this global study, which confirmed that the burden of multiple passwords continues to pose significant security risks, and encourages end-user behavior that endangers compliance initiatives.
"While companies pour huge amounts of time and money into protecting sensitive information, business passwords remain one of the weakest links in the security chain, in large part due to the sheer number of passwords that end users are required to manage," said John Worrall, senior vice president of marketing at RSA Security. "Little has changed since 2005 -- end users are still managing an overwhelming number of passwords, and this is resulting in behaviors which open the door to security breaches and potential compliance issues."
Passwords Impacting Compliance Initiatives and Enabling Security Breaches
RSA Security's survey polled respondents with jobs related to corporate password management on a number of issues related to compliance and overall IT security. Of note, 57 percent say their company's desire to avoid end-user frustration prevents the organization from requiring frequent password changes and/or strong password policies. In addition:
* Passwords in the Era of Compliance: Most companies surveyed view password management as fundamental to compliance. In fact, 59 percent said password management is "extremely important" to compliance. Regionally, 66 percent of U.S. participants responded with "extremely important," while 48 percent of Europeans answered the same. * Passwords and IT Security: RSA Security's survey revealed that organizations are very concerned about the impact of passwords on IT security. Forty-one percent called passwords "extremely concerning;" 44 percent said "moderately concerning." * Passwords and IT Security Breaches: Twenty-six percent of respondents know of a corporate security breach that has occurred due to a compromised password. Those in the Asia-Pacific region were most aware (35 percent), while those in the U.S. were the least aware (14 percent). Examples of breaches resulting from compromised passwords included: - Former employees accessing business accounts using their own passwords - A terminated employee guessing a former manager's password to gain remote access - An employee altering a co-worker's private human resources information. Password Overload Creating Frustration and Security Vulnerabilities
RSA Security's survey shows end users are overwhelmed by the number of passwords necessary to access business applications, Web sites and portals. This, in turn, is leading to risky behaviors:
* Passwords Required versus Passwords Remembered: Eighteen percent manage more than 15 passwords, but only five percent can easily remember that many. Thirty-six percent manage between six and 15 passwords. Responses were similar to 2005, when 35 percent said they manage between six and 15 passwords, and 23 percent said more than 15. * Continued Frustration with Managing Passwords: The majority (82 percent) of end users are frustrated with managing passwords at work. Globally, 12 percent find it "extremely frustrating" -- in the U.S., 15 percent answered in this manner, while only nine percent did so in Europe. Last year, 88 percent reported some degree of frustration. Password Policies and End User Behaviors
RSA Security's survey shows that password policies and end-user behaviors vary dramatically: