TMCnet News

IT professionals alarmingly lax about password management
[June 27, 2006]



(The Birmingham Post Via Thomson Dialog NewsEdge) The majority of IT professionals mismanage the storage of passwords by keeping them in inaccessible or unsecured locations, according to alarming new research from Cyber-Ark Software, the information security software company which develops and markets digital vaults for securing and managing information.



The firm warns the failure can create serious security bottlenecks and stifle business continuity.

If the keeper of critical administrative passwords is unavailable or loses track of where the passwords are kept, it can cause massive disruption and hours of lost productivity.


According to the survey a staggering 15 per cent of IT professionals never change their critical passwords.

A quarter also admit that their IT staff can access the administrative passwords without permission, which is a serious oversight considering it is these very passwords that are the most powerful and critical of all passwords, overriding all the others and enabling the "administrator" to access the network, systems and the very applications which provide the backbone of enterprises worldwide.

The survey of nearly 200 information technology (IT) security professionals, conducted at Europe's largest information security event, Infosecurity, revealed:

Twenty-eight per cent of survey participants keep their administrative passwords in their heads, while 38 per cent still resort to writing down their passwords and storing them on paper.

Less than a third (32 per cent) are storing administrative passwords digitally. The remainder continue to use labor-intensive, manual processes, including paper copies stored everywhere from locked cabinets to safes.

Twenty-two per cent of respondents estimate that their colleagues are still keeping passwords on Post-It Notes, while 14 per cent use unsecured Excel spreadsheet files, making it relatively easy for an infiltrator to access the administrative passwords.

Only 40 per cent change administrative passwords monthly or more frequently; 30 per cent change them quarterly and a staggering 15 per cent never change IT administrative passwords.
