Larger organizations fare better in password security among IT security staff

24 June 2010

A recent survey from Osirium shows that IT security admins from larger organizations do a better job at protecting login credentials for security devices than their counterparts from smaller firms.

Identity access management firm Osirium surveyed 452 respondents for its IT Security Administrators Survey 2010 and found that, on the whole, companies have less-than-rigorous access policies for security devices. In addition, it appears that IT security administrators from larger organizations are more protective of their login credentials.

Analysis of the global respondents to the survey shows that nearly half of all system administrators use either static passwords, user ID, or a combination of the two for access to security devices. Furthermore, nearly two-thirds (63%) of these administrators wrote down their passwords.

It appears that IT security personnel at larger organizations (5000+ employees) fare better in this area, as 74% of the survey respondents said they do not write down their passwords. On the flip side, 60% of those polled at organizations with 1–100 employees said they jot down their access information.

Osirium also asked these same IT security admins if they share their passwords with colleagues, to which 54% said never, and 46% indicated that they either occasionally or frequently share passwords with co-workers.

Once again, administrators at larger firms held their passwords closer to the vest, as 69% said they never shared this information with co-workers, whereas 49% of admins at smaller organizations said they communicate this information with colleagues either occasionally or all the time.

“Although we knew that many system administrators were not implementing appropriate authentication measures to control access to security devices, we were still surprised by the severity of the problem,” commented David Guyatt, CEO of Osirium. “It is clear that security practices are often not rigorous enough, mainly due to the fact that overburdened but technically savvy sysadmin teams can very easily circumvent existing security procedures in order to get the job done as quickly and efficiently as they can.”
