RSA Security Research Shows Volume of Business Passwords Overwhelming End Users and Hindering IT Security Efforts

More than 1,300 business professionals participated in this global study


* Password Change Requirements: Thirty-nine percent of respondents in the Asia-Pacific region and 34 percent in Europe are required to change passwords monthly; only 23 percent of U.S. respondents are required to change passwords with the same frequency. * Strong Password Policies: Most organizations enforce strong password policies, according to survey respondents. Specifically, 70 percent say their company requires passwords between eight and 14 characters, using a combination of letters, numbers and symbols. However, 17 percent said their company has no password requirements. In addition, 48 percent say their company does not allow the re-use of old passwords. * Unsafe Password Tracking Practices: Most respondents with jobs related to corporate password management know of employees tracking passwords in an unsafe manner: - Sixty-six percent have seen employees keep paper password records at work, but only 13 percent of end users admit doing so (down from 15 percent last year) - Fifty-eight percent are aware of employees keeping electronic password records (e.g., in a spreadsheet), though only 24 percent of end users say they keep electronic records themselves - Fifty percent know of employees tracking passwords in a PDA or handheld device - Forty percent have seen employees track passwords with Post-It notes or other scraps of paper affixed to their computer. Passwords' Impact on the IT Help Desk

RSA Security's survey shows that password-related support requests add significant workload to the IT help desk. One-fifth of respondents say that password-related calls constitute 26-50 percent of help desk requests; one-third says that between 11-25 percent of help desk calls are password-related. Generally, larger companies are more burdened by password-related help desk calls than smaller organizations.

Easing the Password Management Burden

RSA Security's survey also asked respondents whether it would be helpful to have a "master password," replacing all other passwords at work. Fifty-six percent of those surveyed said a master password would be "extremely helpful." However, the vast majority -- 81 percent -- also believes that it would be "extremely important" to provide an added layer of protection for a master password. This is a significant increase from 2005, when 55 percent of respondents said an added layer of protection would be "very important."

Survey Description and Methodology

The RSA Security password management survey was conducted online between August 21 and August 25, 2006. The study polled 1,343 participants from North America, Europe, Latin America and the Asia-Pacific region.

Additional survey results and further details may be found online at www.rsasecurity.com/passwords.