Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

RSA Security Survey Reveals Multiple Passwords Creating Security Risks and End User Frustration

  • 28 September, 2005 12:00

<p>RSA Security Inc. (Nasdaq: RSAS) today announced survey results that show the challenges end users face in managing passwords inside the enterprise, and the potential corporate IT security risks that result.</p>
<p>The survey of almost 1700 enterprise technology end users in the United States showed that over a quarter of respondents must manage more than 13 passwords at work, and that nine out of ten respondents are frustrated with the password management challenge. This frustration is leading to behaviours that could jeopardise IT security, as well as compliance initiatives.</p>
<p>“Compliance initiatives have led companies to enforce and strengthen password policies, which has resulted in additional burdens for the end user – such as requiring that employees change passwords more frequently, or leverage very difficult to remember passwords,” said Andrew Braunberg, senior analyst at Current Analysis. “Paradoxically, password policies that are not user-friendly spur risky behaviour that can undermine security. These policies also raise IT help desk costs as companies allocate more resources to password resets.”</p>
<p>Plethora of Passwords Creates Frustration</p>
<p>The results of the RSA Security survey reveal that employees are managing an incredibly large number of passwords at work. Twenty-eight percent of respondents must keep track of more than 13 passwords; 30 percent of respondents manage between 6-12 passwords. Managing so many passwords is leading to greater end user frustration – the vast majority of those surveyed (88 percent) reported frustration with the password management process.</p>
<p>Password Overload Driving Risky IT Security Behaviours</p>
<p>RSA Security’s survey findings indicate that while end users may attempt to memorise passwords, employees continue to resort to other, less secure means of tracking multiple passwords. The most common risky password management behaviours include:</p>
<p>• Maintaining a spreadsheet or other document stored on the PC (25 percent)
• Recording a list of passwords on a PDA or other handheld device (22 percent)
• Keeping a paper record of passwords in an office/workspace (15 percent)</p>
<p>The Password Burden on the IT Help Desk</p>
<p>Research from the Burton Group reports that each call to the IT help desk may cost between US$25 and US$50. Despite this, the RSA Security survey showed that the bulk of password reset responsibilities continue to lie in the hands of IT help desk staff, with 82 percent of respondents indicating that IT help desk staff must intervene when passwords are lost or forgotten.</p>
<p>The survey also showed the potential for lost productivity when employees rely on the IT help desk to manage a lost or forgotten password. Twenty percent of respondents said it takes the IT help desk staff between 6 and 15 minutes to address a lost or forgotten password problem; 17 percent said it takes longer than 16 minutes.</p>
<p>Protecting the ‘Keys to the Kingdom’</p>
<p>Respondents were queried on the impact of leveraging a ‘master password’ that could be used to gain access to all other passwords. The overwhelming majority of respondents – 98 percent – believe that it would be important to add a layer of protection if they were provided with one master password at work – essentially, protecting the ‘keys to the kingdom’. Tellingly, 55 percent of respondents rated adding an added layer of security as “very important.”</p>
<p>Survey Description and Methodology</p>
<p>The RSA Security password management survey was conducted online between August 31 and September 19, 2005. There were 1685 respondents – including CIOs/CSOs, and IT directors, managers and administrators – who took part in the online survey. The survey polled individuals located in the United States.</p>
<p>About RSA Security
RSA Security Inc. helps organisations and individuals confidently protect identities and information access. The company secures more than 15 million user identities, safeguards trillions of business transactions annually, and manages the confidentiality of data in tens of thousands of applications worldwide. RSA Security's portfolio of award-winning solutions – including identity &amp; access management, secure mobile &amp; remote access, secure enterprise access, secure transactions and consumer identity protection – sets the standard in the industry. Our strong reputation is built on a 20-year history of ingenuity, leadership and proven technologies, and our more than 18,000 customers around the globe. Together with more than 1,000 technology and integration partners, RSA Security inspires confidence in everyone to experience the power and promise of the Internet. For more information, please visit</p>
<p># # #</p>
<p>RSA is the registered trademark or trademarks of RSA Security Inc. in the United States and/or other countries. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other products and services mentioned are trademarks of their respective companies.</p>
<p>Media Contacts
John Back, Kinetics Pty Ltd, 02 9976 6611,
Melinda Hickin, RSA Security Australia Pty Ltd, 02 9463-8407.</p>

Most Popular