Poor password habits are putting employers at risk and losing them hundreds of thousands of pounds in lost productivity, according to new research from Centrify Corporation, a leader in unified identity management across data centre, cloud and mobile. According to the survey of 1,000 UK workers, the average employee wastes £261[1] a year in company time on trying to manage multiple passwords, which for a company with 500 staff is a loss of more than £130,000 a year.
FREE Webinar on Oct. 21 at 3:30pm EDT: The Top 3 Threats to Retail IT Security and How You Can Defend your Data
“In our new digital lifestyles, which see a blurring of the lines between personal and professional lives, we are constantly having to juggle multiple passwords for everything from email and mobile apps to online shopping and social media,” says Barry Scott, EMEA Chief Technology Officer for Centrify. “According to our survey, over a quarter of us now enter a password online more than 10 times a day, which could mean 3,500 to 4,000 times a year. This is becoming a real challenge for employers who need to manage security and privacy concerns and for employees who are costing their companies time and money.”
Yet while around half (47 percent) use their personal mobile devices for business purposes, one in three (34 percent) admit they do not actually use passwords on these devices even though they keep office email, confidential documents, customer contact information, and budget information on them.
High on many people’s list of “most annoying things”, passwords are becoming the cause of major headaches today. The research reveals that forgetting a password for an online account is more annoying than misplacing your keys (39 percent), a mobile phone battery dying (37 percent) or getting spam email (31 percent). One in six (16 percent) would rather sit next to someone talking loudly on their mobile phone, 13 percent would rather spend an hour on a customer service line, and 12 percent would prefer to sit next to a crying baby on a flight than have to manage all of their passwords.
The research also shows:
· More than one in three (38 percent) have accounts they cannot get into any more because they cannot remember the password.
· 28 percent get locked out at least once a month due to multiple incorrect password entries.
· One in five change their passwords at least once a month and 8 percent change them every week.
· Most have little faith in password security – just 15 percent believe their passwords are “very secure.”
With nearly half (42 percent) of respondents creating at least one new account profile every week – more than 50 a year – the problem with password management will just get worse. In fact, 14 percent believe they will have 100+ passwords to deal with in the next five years. Despite this, it is believed that many already seriously underestimate the number of account profiles they have online, with nearly half (47 percent) believing they have just five profiles – although a quarter admit they have 21 or more.
Andy Kellett at analyst firm, OVUM, added: “When it comes to providing safe access to what should be highly-secure business systems, the password model is no longer fit for purpose. It remains the primary security tool for businesses in environments where other authentication options should be considered. We used to go to work and stay in one place. Now we are just as likely to be working from a remote office, on the train, or at home, and simple passwords are neither robust nor secure enough to support secure, remote access. With today’s workforce also using social media and flexible remote tools and applications, we need to empower them to do this by allowing them to have more ownership of their identities and by incorporating better, more balanced security measures that also improve productivity.”
Top 5 bad password practices
When asked what they do in order to remember their passwords, survey respondents said they:
1. Always use the same password whenever possible.
2. Rotate through a variety of similar passwords.
3. Keep a written password in a master book of passwords.
4. Use personal information in a password.
5. Avoid using complicated symbols or combining upper and lower case.
Top 5 good password tips
To help employers, Centrify has complied a list of top tips on effective password management:
· Educate staff about using passwords – make it a key part of your corporate security policy.
· Make it easier for employees to work anywhere anytime by using technology that offers single sign-on capabilities – i.e. one click to access all of their work accounts and applications.
· With some mobile phones now providing both identity and access management capabilities, incorporate them as part of your BYOD (bring your own device) policy.
· Create one profile for any corporate log-ins, and then have privileges for individual employees within the one profile. Anyone who leaves the company can be removed automatically.
· Think about replacing passwords with something much more intuitive like passphrases.
[1] Figure calculated by taking an average of the hourly rate of personal income from one’s job multiplied by the amount of time spent dealing with password management.
About the research
The Widmeyer survey was developed to assess people’s engagement with, and perception of, passwords, in order to determine their efficacy in the workplace. The survey was completed in September 2014 with more than 1,000 participants in the UK and 1,000 in North America. Results were similar across both regions. The final results can be found at http://www.centrify.com/Password-Survey
About Centrify
Centrify provides unified identity management across data center, cloud and mobile environments that deliver a single sign-on (SSO) for users and a simplified identity infrastructure for IT. Centrify’s unified identity management software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and mobile device management. Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent, while improving business agility and overall security. Centrify is used by more than 5,000 customers worldwide, including nearly half of the Fortune 50 and more than 60 Federal agencies.
For more information, please visit http://www.centrify.com/.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.