News
Aberdeen Group & Quest Software: 50% of organizations require only passwords to access critical data
September 2008 by Aberdeen Group et Quest Software
Quest Software, Inc. underwrote an Aberdeen Group benchmark study, "Strong User Authentication," which shows that 52 percent of organizations require only passwords for employees to access critical data, rather than augmenting passwords with stronger forms of authentication such as hardware tokens, digital certificates or risk-based scoring. Nearly 150 organizations from a diverse set of global industries were polled for the study.
Other key findings of the Aberdeen benchmark study include:
• 88 percent of enterprise users have multiple work-related passwords, averaging between five and six
• 64 percent of organizations do not even require users to change their passwords
• 45 percent of organizations allow standard dictionary terms (like “password”)
• 29 percent of organizations have no requirements for password length
"With the recent, well-publicized incidents of network and identity theft, companies need to put security first and require more than just passwords for user authentication," said Jackson Shaw, senior director, product management, Quest Software. "Helping our customers increase security and mitigate the risk associated with compromised confidential information has become a top priority at Quest. As a result, Quest offers solutions for two-factor authentication as well as single sign-on, provisioning, password management, role management, auditing and compliance reporting."
Forty percent of those surveyed stated that risk from external users was the leading driver for current investments in strong user authentication, as opposed to risk from internal users, the leading driver for only 16 percent. This is a result of requiring organizations to provide more
Aberdeen Group Strong Authentication Study Sponsored by Quest Software end users with expanded access – including remote employees, contractors, partners and customers. This expanded access can dramatically increase security breaches from external sources if stronger forms of authentication are not in place.
One solution for organizations needing to deploy two-factor authentication is Quest Defender, which uses a token or smart card to provide strong authentication for an organization’s IT infrastructure. By leveraging existing investments in Active Directory, supporting hardware tokens from multiple vendors, and supporting a range of software tokens, Defender provides a cost-effective means to increase security and to achieve and sustain compliance.
