Password protection management in crises
June 24, 2005
A survey of 175 IT professionals, by IT security firm Cyber-Ark found that 10% of firms never changed their central administrative passwords and a further 5% did not even change the manufacturer’s default password which was supplied with the system. One IT manager said he kept all passwords on his mobile phone and less that a third of IT managers said they stored key passwords digitally. The remainder kept paper copies, making it easy for IT staff to access core passwords without official permission.
Storing passwords on paper has the additional risk that copies may be stolen and makes updating passwords more difficult and time-consuming, according to Cyber-Ark.
The survey found that the situation was even worse in non-IT departments. The IT managers surveyed estimated that 19% of general staff in their firms still keep their passwords on notepaper beside their computers.
“It would appear from this research that password management is still a major bugbear for many organisations, with two thirds who are still relying on the old-fashioned method of physically managing and storing passwords,” said Tom Crawford, president and chief executive of Cyber-Ark.