RSA Security: Passwords still no good

Two-factor authentication vendor RSA Security has continued to heap scorn on password-based ICT security measures.

In the company’s second annual research report polling 1300 business professionals across the globe on password management, RSA found that the use of multiple passwords continued to pose significant security risks and endangered compliance initiatives.

According to John Worrall, senior vice president of marketing at RSA Security, the sheer number of business passwords that end users were required to manage made password-based security the weakest link in the chain.

“Little has changed since 2005 – end users are still managing an overwhelming number of passwords, and this is resulting in behaviours which open the door to security breaches and potential compliance issues,” he said in a statement.

Passwords were found to be a part of a number of IT security breaches, RSA claimed, with the survey indicating that 35 percent of respondents in the APAC region were aware of a breach that occurred due to a compromised password.

Such instances included former employees accessing business accounts using their own passwords, terminated employees guessing a former manager’s password to gain remote access and employees altering a co-worker’s private human resources information.

The survey did not mention the number of respondents who were aware of a security breach due to two-factor authentication.

The survey also found that the number of passwords required was excessive with 36 percent managing between six and 15 passwords.

Fifty seven percent of respondees also said that their company’s desire to avoid end-user frustration prevents the organisation from requiring frequent password changes and/or strong password policies.

Additionally 59 percent of respondees said password management is “extremely important” to compliance.