28 Sep 2005
A survey of 1,685 US businesses has shown that nearly a quarter of workers have to remember 15 or more passwords.
The researchers claim that this is costing money because of the level of support calls and the length of time it takes to get passwords reset.
Nearly one in five of those questioned had to wait an hour or more before regaining access to their systems.
Many users are writing down their passwords to deal with the problem, which can lead to a serious breach of security.
A quarter of users store them on a spreadsheet on their PC, 23 per cent on a PDA, 15 per cent keep a paper record and nearly one in 20 attach their password to the PC with a Post-it note.
"Compliance initiatives have led companies to enforce and strengthen password policies, which has resulted in additional burdens for the end user, such as requiring that employees change passwords more frequently, or use passwords that are very difficult to remember," said Andrew Braunberg, senior analyst at Current Analysis.
"Paradoxically, password policies that are not user-friendly spur risky behaviour that can undermine security. These policies also raise IT help desk costs as companies allocate more resources to password resets."
The survey, sponsored by RSA Security, found that 88 per cent of respondents are frustrated at their company's password policy.
Do you agree?
Dilemma: Security Vs Cost Vs User Satisfaction
While providing consulting service to a bank security management, I discovered that all systems, whether they are identified as critical or not, require every user to change their password ONCE a month. Of course, you could imagine what is going on: 1. Frequent password resets. 2. Password reset form submission without prior approval, just on phone communication. 3. Staff put the same password for every system. After taking some interviews with those staff, they also feel very annoyed about it. Single Sign-On technology implemented with historical and outdated platforms and new systems is very challenging and costly. I recommend they start to implement some kind of solution to synchronize passwords of various systems on the same technological platform and server environment; the progress is good. At least, it curtails some of the administrator effort and staff burden. For a joke, if they deem that all systems are critical, why don't they pick up 2-factor authentication by gifting their staff a token or adopt a biometric approach? The token-based authentication somehow is adopted for payment systems. However, they don't want to spend budget on improving staff satisfaction. Anyway, the management never understands that password security could lead to million or even huge reputation risk if their customer information is leaked out. To be cost-effective, I have just suggested that they change the policy instead. Again, they also don't want to lessen the control. The management readily lacks the concept of compensating controls, and the password is just a component indeed. That's the reason it is always a dilemma for management and security professionals to engage the balance of security control, cost and user satisfaction.
Posted by: Anthony, Cheuk Tung, LAI, CISSP, CISA 29 Sep 2005