Data Theft spike caused by password fatigue - IT must take control

(PresseBox) ( Dedham, )
Cyber-Ark, the Privileged Identity Management experts, says that the results of an analysis into 28,000 real world passwords - apparently stolen from a well-known Web site and posted on the Internet - reveals that a sizeable minority of IT users are seriously naive when it comes to setting their own passwords.

"The analysis, carried out by Information Week, shows that 14 per cent of the users were using sequential password combinations such as 1234, 123456789 and QWERTY. A further 16 per cent, meanwhile used their first name as a password," said Adam Bosnian, VP Products and Strategy.

"With four per cent of users coming up with the impressively unimaginative 'password' or a similar derivative as their password, this study confirms what we've know for some time here at Cyber-Ark, namely there is a lot of naivety when it comes to password security out there in IT userland," he added.

Because of the findings , Bosnian says there is a definite need for IT managers to educate computer users in their organisations about the need for security, even to the extent of setting passwords for staff and then resetting them on a regular basis.

There is also a definite argument for the use of data vaulting techniques for the master passwords and other critical IT data in a typical organisation. Controlling high level passwords within a company imbues the IT staff with a sense of security and, from there, the need for security filters out to all users in a firm, he explained.

According to Bosnian, the fact that five per cent of the 28,000 stolen real-world passwords turned out to the names of TV shows or popular singers, reveals how easy it is crack security systems using a password library attack.

"This survey suggests that more than a third of users could have their accounts totally compromised by hackers using a password library-assisted form of hacker attack that could be completed on most systems in a matter of hours. And if any of those users have admin privileges, the company's IT security would be dead in the water," he said.

"This report is a real eye-opener, as it shows how poor password security is in the real world of employees. It also illustrates the need for IT managers plus their staff to seriously educate users about the need for better password security, or even centralise password creation to the IT department as used to happen in the earliest days of computers," he added.

For more on the 28.000 password heist data analysis:

For more on Cyber-Ark:
Für die oben stehenden Pressemitteilungen, das angezeigte Event bzw. das Stellenangebot sowie für das angezeigte Bild- und Tonmaterial ist allein der jeweils angegebene Herausgeber (siehe Firmeninfo bei Klick auf Bild/Meldungstitel oder Firmeninfo rechte Spalte) verantwortlich. Dieser ist in der Regel auch Urheber der Pressetexte sowie der angehängten Bild-, Ton- und Informationsmaterialien.
Die Nutzung von hier veröffentlichten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Bei Veröffentlichung senden Sie bitte ein Belegexemplar an