The number of passwords needed for people to access the enterprise resources they need to do their job has reached the point where they are resorting to insecure and risky methods to store or remember multiple access codes.
A new survey has shown that some 25% of people keep passwords on a spreadsheet or other PC document, 22% choose to store them on a PDA, while 15% simply write them all down and keep them in a supposedly safe place.
The findings are unsurprising, in that over a quarter of respondents have to manage the frustration at work of handling more than 13 different passwords, and another 30% juggle between six and 12 passwords. To compound matters further, the recommendation is that passwords should be changed every six months, each time for a new access code with a minimum of eight characters, at least two of which should be numbers and at least two letters.
Unfortunately, it has been found that the more organizations try to strengthen their access control regimes, the higher the costs they incur. Strengthening security by mandating the use of a specific combination of uppercase or lowercase letters and numbers in a password, or insisting on regular password changes, simply increases the likelihood that users do not remember them. The result is a call to a service desk and a password reset request, which can trigger costs of up to $145 a time, according to some analyst estimates.
Last year a survey on password use revealed that the average user was having to manage 4.35 passwords and that 50% of all users write passwords down somewhere.
Where passwords are written down, security can be compromised and some perceived or real consequential loss can ensue. It is for that reason that the industry is slowly moving beyond password-based security and toward two-factor ID to help protect systems from attack and individuals from scams such as phishing and identity theft.
Microsoft Corp is said to be looking to beef up security in its planned Vista operating system, by dumping simple password protection for two-factor authentication.
The poll of 1,700 enterprise technology end-users in the US was carried out by RSA Security Inc, a vendor that pushes two-factor ID and secure access smart devices.