
Password protection is an inefficient means of managing security

A European user name and password usage survey conducted this summer by Rainbow Technologies, Inc., has found that UK organisations are more security conscious with passwords than those in France and Germany. The survey also found that the use of user names and passwords as a means of securing data and applications is both costly and insecure, and the more organisations try to strengthen their passwords, the higher the costs.

About 2,500 IT administrators, executive management and security professionals in western Europe responded to the survey. About 45 percent were British; French and German respondents accounted for about 25 percent each; and other countries made up the remaining five percent.

The results of the survey closely mirror those from a recent North American survey of user names and password usage where over 3,000 people took part. The survey concludes that user names and passwords are inherently insecure. The higher number of user names and passwords maintained by European users, coupled with the higher frequency of changing individual user names and passwords, means this ‘free’ method of authentication carries a high cost. Add the downtime associated with the inability of users to log in to business-critical data and applications, and there is a significant hidden cost to using user names and passwords in a variety of computing environments.

The main survey results revealed:
* 50.5 percent of users write passwords down at least once; nearly 5.5 percent of all users write every password down.

* More than 46 percent of users share passwords.

* The average user manages about 4.35 passwords with about 20 percent having nine passwords or more.

* The survey showed a number of differences between the countries:
- UK organisations change passwords more often than France and Germany. In the UK 45 percent of people are required to change their passwords more than seven times in a year, compared to 21 percent in France and 23 percent in Germany.
- The UK is also more stringent on what can be used as a password, with 51 percent of UK respondents required to use a mixture of letters and characters compared to just 28 percent in France. Reusing a previous password (i.e. when asked to replace the password, users can select one used before) was not allowed for 56 percent of the UK's respondents compared to only 22 percent in Germany.
- Nearly 40 percent of French respondents needed to access more than nine business applications, yet only 19 percent of respondents had nine or more passwords. In the UK, only 26 percent of respondents needed to access nine or more applications, yet 23 percent of respondents had nine or more passwords.
- The sharing of passwords is much higher in Germany (57 percent) and France (52 percent) compared to the UK where only 39 percent of people share their passwords.
- The number of users requiring password resets is much lower in Germany (22 percent) and France (30 percent) than in the UK where 44 percent of respondents have needed to have their passwords reset over the past year.

"This survey underscores our contention that, as a security device, user names and passwords leave business-critical data and applications exposed and potentially compromised," said Gary Clark, vice president of sales and marketing, EMEA, Rainbow Technologies. "As more organisations use the Internet and the web to deploy their core business applications, it is clear that the current user name and password authentication paradigm creates more costs and security holes than it solves, and a better solution is needed."

Date: 8th October 2003 •Region: UK/W.Europe •Type: Article •Topic: ISM