News
Cyber-Ark: Data Theft spike caused by password fatigue – IT must take control
February 2009 by Cyber-Ark
Cyber-Ark, the Privileged Identity Management experts, says that the results of an analysis into 28,000 real world passwords - apparently stolen from a well-known Web site and posted on the Internet - reveals that a sizeable minority of IT users are seriously naive when it comes to setting their own passwords.
"The analysis, carried out by Information Week, shows that 14 per cent of the users were using sequential password combinations such as 1234, 123456789 and QWERTY. A further 16 per cent, meanwhile used their first name as a password," said Adam Bosnian, VP Products and Strategy.
"With four per cent of users coming up with the impressively unimaginative `password’ or a similar derivative as their password, this study confirms what we’ve know for some time here at Cyber-Ark, namely there is a lot of naivety when it comes to password security out there in IT userland," he added.
Because of the findings , Bosnian says there is a definite need for IT managers to educate computer users in their organisations about the need for security, even to the extent of setting passwords for staff and then resetting them on a regular basis.
There is also a definite argument for the use of data vaulting techniques for the master passwords and other critical IT data in a typical organisation. Controlling high level passwords within a company imbues the IT staff with a sense of security and, from there, the need for security filters out to all users in a firm, he explained.
According to Bosnian, the fact that five per cent of the 28,000 stolen real-world passwords turned out to the names of TV shows or popular singers, reveals how easy it is crack security systems using a password library attack.
"This survey suggests that more than a third of users could have their accounts totally compromised by hackers using a password library-assisted form of hacker attack that could be completed on most systems in a matter of hours. And if any of those users have admin privileges, the company’s IT security would be dead in the water," he said.
"This report is a real eye-opener, as it shows how poor password security is in the real world of employees. It also illustrates the need for IT managers plus their staff to seriously educate users about the need for better password security, or even centralise password creation to the IT department as used to happen in the earliest days of computers," he added.
