
One in Three Employees Compromise Corporate Security through Lax Password Practices, Nucleus Research Study Finds.

Companies should consider alternate authentication practices since strategies to improve password security have no impact

WELLESLEY, Mass. -- Passwords are largely ineffective at protecting corporate data due to common human error, a new study by Nucleus Research and KnowledgeStorm finds. More than a third of employees write down or electronically record their passwords, creating significant vulnerabilities. Even worse, lowering the quantity of passwords, changing password complexity, or changing password change frequency had no impact on employee actions.

"Companies that spend time and money creating password security strategies are largely wasting their time, because one in three employees are writing down passwords regardless of password policies," said David O'Connell, senior analyst at Nucleus Research. "It's like leaving the key under the mat or in the flower box. Companies looking to ensure security should look beyond passwords to other authentication strategies."

Study Findings

The study surveyed 325 enterprise users and found that more than one third wrote down their password, despite the clear security risk it poses. Of those who keep a record of their password, two-thirds store it in a text file on either a PC or mobile device, creating new vulnerabilities for fraudulent access to data. The study finds the same percentage of users write down or store their password regardless of the type of security system in place - restrictive, average or lenient.

Many companies try to improve password security by adding complexity, such as requiring both numbers and letters or even special characters in each password, by increasing how often passwords are changed, or by requiring a greater number of passwords to enable access. As long as users write down or store their password, none of these efforts adds any protection. In fact, single sign-on is just as effective as more complex schemes, according to the study. Even user education on the importance of protecting a password does little to reduce the number of people who keep a written or electronic record of the password.

"These findings are very relevant to the individuals searching for security solutions," said Rachel Spasser, senior vice president, Business Planning and Corporate Development, KnowledgeStorm. "They should be taken into consideration in the selection process when companies are looking to implement an effective security solution."

Companies may want to review biometrics, cognitive biometrics and other authentication technologies to improve their overall security. This report and others from Nucleus can be found at

About Nucleus Research

Nucleus Research is a global provider of IT advisory and research services that provides CFOs, CIOs and their staffs with the real-world information they need to maximize the business returns from their technology investments. For more information, visit

About KnowledgeStorm

KnowledgeStorm is the Internet's top-ranked search resource for technology solutions and information. Leveraging the KnowledgeStorm Network of premier partners and its extensive search expertise, KnowledgeStorm is able to reach technology buyers and deliver the information they need no matter where their search begins. KnowledgeStorm, with its network, search expertise and performance tools and services, is a powerful resource for technology vendors, providing them the most opportunities to reach buyers on the Internet and convert them into Web leads. For more information, call (877) 340-9274 or visit
COPYRIGHT 2006 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Publication: Business Wire
Date: Oct 17, 2006