Passwords still not taken seriously
The majority of administrative passwords in some of the world’s largest corporations are stored in the heads of one or two IT staff or kept on paper, according to a survey by Cyber-Ark Software.
Of the 200 IT security professionals questioned at the Infosecurity event in London, 28% revealed that they keep their administrative passwords in their heads and 38% resort to writing them down on paper.
Cyber-Ark said that lax password management, such as keeping passwords in inaccessible or unsecured locations, can hinder security efforts and affect business continuity.
“In the event that the keeper of critical administrative passwords is unavailable or loses the location of the passwords, it can cause massive disruption and hours of lost productivity,” the Cyber-Ark study said.
Perhaps even more worrying is that 15% never change their critical passwords, and a quarter allow their IT staff to use them without permission.
“This is a serious oversight considering it is these very passwords that are the most powerful and critical of all passwords, over-riding all the others and enabling the ‘administrator’ to access the network, systems and the very applications which provide the backbone of enterprises worldwide,” the report said.