IT professionals lax about password management

The survey of nearly 200 IT security professionals, conducted at Europe’s largest information security event, Infosecurity, revealed:

Only 40 per cent of survey participants change administrative passwords monthly or more frequently; 30 per cent change them quarterly and a staggering 15 per cent never change IT administrative passwords.

A quarter also admit that their IT staff can access the administrative passwords without permission. This is a serious oversight: these are the most powerful and critical of all passwords, overriding all the others and enabling the “administrator” to access the network, the systems and the applications that form the backbone of enterprises worldwide.

Twenty-eight per cent keep their administrative passwords in their heads, while 38 per cent still resort to writing down their passwords and storing them on paper.

Less than a third (32 per cent) are storing administrative passwords digitally. The remainder continue to use labor-intensive, manual processes, including paper copies stored everywhere from locked cabinets to safes.

Twenty-two per cent of respondents estimate that their colleagues are still keeping passwords on Post-It Notes, while 14 per cent use unsecured spreadsheet files, making it relatively easy for an infiltrator to access the administrative passwords.

According to

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.
