
Password naivety continues to reign with business IT users

CyberArk Software : 20 February, 2009  (Technical Article)
Trivial passwords continue to be a problem in organisations that have no control over password formation rules and allow users to make up their own passwords.

Cyber-Ark, the Privileged Identity Management experts, says that the results of an analysis of 28,000 real-world passwords - apparently stolen from a well-known Web site and posted on the Internet - reveal that a sizeable minority of IT users are seriously naive when it comes to setting their own passwords.

'The analysis, carried out by Information Week, shows that 14 per cent of the users were using sequential password combinations such as 1234, 123456789 and QWERTY. A further 16 per cent, meanwhile, used their first name as a password,' said Adam Bosnian, VP Products and Strategy.

'With four per cent of users coming up with the impressively unimaginative "password" or a similar derivative as their password, this study confirms what we've known for some time here at Cyber-Ark, namely there is a lot of naivety when it comes to password security out there in IT userland,' he added.

Because of the findings, Bosnian says there is a definite need for IT managers to educate computer users in their organisations about the need for security, even to the extent of setting passwords for staff and then resetting them on a regular basis.

There is also a definite argument for the use of data vaulting techniques for the master passwords and other critical IT data in a typical organisation. Controlling high level passwords within a company imbues the IT staff with a sense of security and, from there, the need for security filters out to all users in a firm, he explained.

According to Bosnian, the fact that five per cent of the 28,000 stolen real-world passwords turned out to be the names of TV shows or popular singers reveals how easy it is to crack security systems using a password library attack.

'This survey suggests that more than a third of users could have their accounts totally compromised by hackers using a password library-assisted form of hacker attack that could be completed on most systems in a matter of hours. And if any of those users have admin privileges, the company's IT security would be dead in the water,' he said.

'This report is a real eye-opener, as it shows how poor password security is in the real world of employees. It also illustrates the need for IT managers plus their staff to seriously educate users about the need for better password security, or even centralise password creation to the IT department as used to happen in the earliest days of computers,' he added.
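A screening check that a password-change handler could run to reject the weak categories the analysis describes (sequential runs, first names, "password" derivatives, and TV-show or singer names). This is an added example, not code from Cyber-Ark or Information Week; the word lists, the substitution table and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Constructed placeholder lists (assumptions); a real deployment would load
# much larger deny-lists. None of these values come from the analysed data set.
SEQUENCES = ["0123456789", "1234567890", "qwertyuiop", "asdfghjkl",
             "zxcvbnm", "abcdefghijklmnopqrstuvwxyz"]
COMMON_WORDS = {"password", "letmein", "welcome"}
POP_CULTURE = {"friends", "madonna", "lost"}  # stand-ins for TV shows / singers

# Undo simple character substitutions such as p@ssw0rd -> password.
SUBSTITUTIONS = str.maketrans("013457@$!", "oleastasi")


def normalise(password):
    """Lower-case, drop a trailing run of digits/symbols, undo substitutions."""
    stripped = re.sub(r"[^a-z]+$", "", password.lower())
    return stripped.translate(SUBSTITUTIONS)


def weak_reasons(password, first_name=""):
    """Return the weak categories a candidate password falls into."""
    reasons = []
    lowered = password.lower()
    # Keyboard or numeric run, forwards or backwards (1234, QWERTY, 9876...).
    if len(lowered) >= 4 and any(lowered in s or lowered in s[::-1]
                                 for s in SEQUENCES):
        reasons.append("sequential")
    base = normalise(password)
    if first_name and base == first_name.lower():
        reasons.append("first-name")
    if base in COMMON_WORDS:
        reasons.append("common-word")
    if base in POP_CULTURE:
        reasons.append("pop-culture")
    return reasons


def audit(candidates):
    """Tally categories over (password, first_name) pairs at set-time."""
    tally = Counter()
    for password, first_name in candidates:
        for reason in weak_reasons(password, first_name) or ["accepted"]:
            tally[reason] += 1
    return tally
```

The check has to run when the password is set or changed, since that is the only point at which the plaintext is available to compare against the deny-lists.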
   © 2012 ProSecurityZone.com