Survey: 52 Percent Of Organizations Only Require Passwords To Access Critical Data
Quest Software Inc. recently announced the results from an Aberdeen Group benchmark study, "Strong User Authentication," which shows that 52 percent of organizations require only passwords for employees to access critical data, rather than augmenting passwords with stronger forms of authentication such as hardware tokens, digital certificates or risk-based scoring.
Nearly 150 organizations from a diverse set of global industries were polled for the study.
- Other key findings of the Aberdeen benchmark study include:
- 88 percent of enterprise users have multiple work-related passwords, averaging between five and six.
- 64 percent of organizations do not even require users to change their passwords.
- 45 percent of organizations allow standard dictionary terms (like “password”).
- 29 percent of organizations have no requirements for password length.
Forty percent of those surveyed stated that risk from external users was the leading driver for current investments in strong user authentication, as opposed to risk from internal users, the leading driver for only 16 percent. This is a result of requiring organizations to provide more end users with expanded access -- including remote employees, contractors, partners and customers. This expanded access can dramatically increase security breaches from external sources if stronger forms of authentication are not in place.
"Four-fifths of companies with top performance in the study have deployed one or more stronger, non-password methods of user authentication," said Derek Brink, vice president and research fellow for IT Security, Aberdeen Group. "In doing so they have also reduced the number of security-related incidents, improved their success with audit and compliance, and reduced the number of help desk calls and total management costs related to user authentication."