City of London workers fail to follow basic password security rules with 27
per cent using real words, almost half using words of less than eight characters
and 20 per cent using the same passwords for personal and business use. Almost a
third admit that they share their passwords with colleagues.
A survey carried out in London’s Square Mile found nearly 80 per cent of
people have no additional level of security and use only passwords to log on to
their work PC. While 40 per cent of respondents said they changed their
passwords every month, 17 per cent of people admitted to keeping a list of their
passwords.
Alan Paller, director of research at security research organisation the
SANS Institute, said: “The old adage
is that financial institutions have the highest security standards because of
the value of what they protect. This is not a failure of policy.
"It is a failure of technology to implement policy – the technology exists
for these people to be forced to adopt safer passwords. The problem with
security is that we’ve made it hard for people, therefore they won’t do it. When
it is made easy, people will do it.”
“Financial institutions should be among the most diligent organisations in
the world when it comes to IT security. The findings of our latest password
survey therefore make for interesting reading, originating as they do from one
of the world’s financial hubs," added Joe Baguley, global product director,
Quest Software.
IT departments only provide 16 per cent of passwords with the remainder being
made up by users.
Do you agree?
Have your say on this article