- Security TWENTY
- Women in Security
Poor password habits are putting employers at risk and losing them hundreds of thousands of pounds in lost productivity. That is according to new research from Centrify Corporation, a unified identity management product company. According to the survey of 1,000 UK workers, the average employee wastes £261 a year in company time on trying to manage multiple passwords, which for a company with 500 staff is a loss of more than £130,000 a year.
Barry Scott, EMEA Chief Technology Officer for Centrify, says: “In our new digital lifestyles, which see a blurring of the lines between personal and professional lives, we are constantly having to juggle multiple passwords for everything from email and mobile apps to online shopping and social media. According to our survey, over a quarter of us now enter a password online more than 10 times a day, which could mean 3,500 to 4,000 times a year. This is becoming a real challenge for employers who need to manage security and privacy concerns and for employees who are costing their companies time and money.”
Yet while around half (47 per cent) use their personal mobile devices for business purposes, one in three (34 per cent) admit they do not actually use passwords on these devices even though they keep office email, confidential documents, customer contact information and budget information on them.
High on many people’s list of ‘most annoying things’, passwords it seems are becoming the cause of major headaches today. The research reveals that forgetting a password for an online account is more annoying than misplacing your keys according to 39 per cent, a mobile phone battery dying (37 per cent) or getting spam email (31 per cent). One in six (16 per cent) would rather sit next to someone talking loudly on their mobile phone, 13 per cent would rather spend an hour on a customer service line, and 12 per cent would prefer to sit next to a crying baby on a flight than have to manage all of their passwords. The research also suggests:
· More than one in three (38 per cent) have accounts they cannot get into any more because they cannot remember the password
· 28 per cent get locked out at least once a month due to multiple incorrect password entries
· One in five change their passwords at least once a month and 8 per cent change them every week
· Most have little faith in password security – just 15 per cent believe their passwords are ‘very secure’.
With nearly half (42 per cent) of respondents creating at least one new account profile every week – more than 50 a year – the problem with password management will get worse. In fact, 14 per cent believe they will have 100+ passwords to deal with in the next five years. Despite this, it is believed that many already seriously underestimate the number of account profiles they have online, with nearly half (47 per cent) believing they have just five profiles – although a quarter admit they have 21 or more.
Andy Kellett at analyst firm, OVUM, added: “When it comes to providing safe access to what should be highly-secure business systems the password model is no longer fit for purpose. It remains the primary security tool for businesses in environments where other authentication options should be considered. We used to go to work and stay in one place. Now we are just as likely to be working from a remote office, on the train, or at home and simple passwords are neither robust nor secure enough to support secure, remote access. With today’s workforce also using social media and flexible remote tools and applications, we need to empower them to do this by allowing them to have more ownership of their identities and incorporate better, more balanced, security measures that also improve productivity.”
Five bad password practices
When asked what they do in order to remember their passwords, survey respondents said they:
1. Always use the same password whenever possible
2. Rotate through a variety of similar passwords
3. Keep a written password in a master book of passwords
4. Use personal information in a password)
5. Avoid using complicated symbols or combining upper and lower case
Five password tips
To help employers, Centrify has complied a list of top tips on effective password management:
· Educate staff about using passwords – make it a key part of your corporate security policy
· Make it easier for employees to work anywhere anytime by using technology that offers single sign-on capabilities – i.e. one click to access all of their work accounts and applications
· With some mobile phones now providing both identity and access management capabilities, incorporate them as part of your BYOD (bring your own device) policy
· Create one profile for any corporate log-ins, and then have privileges for individual employees within the one profile. Anyone who leaves the company can be removed automatically
· Think about replacing passwords with something much more intuitive like passphrases.
The Widmeyer survey was developed to assess people’s engagement with, and perception of, passwords, in order to determine their efficacy in the workplace. The survey was completed in September 2014 with more than 1000 participants in the UK and 1000 in North America. Results were similar across both regions. The final results can be found at: http://www.centrify.com/Password-Survey.