Password Security: The Education Is There But Employees Are Failing the Tests

Sue Marquette Poremba

When it comes to practicing good password security, it appears that employees still don’t get it.

A recent study from Ping Identity found that employees aren’t doing a very good job with password security basics. Okay, to give them credit, they are following the “rules” of creating a hard-to-guess password with combinations of alphanumeric characters and symbols. But apparently, they are then so proud of that difficult password that they use it for everything. As eSecurity Planet pointed out, half the 1,000 respondents reuse the same password across work accounts, while two-thirds do the same for personal accounts. This is especially concerning when you consider how much the line between business and personal has blurred on our devices. The article stated:

“The survey also found that while 78 percent of respondents believe it's risky to share passwords with family members, 37 percent admit doing so -- and 54 percent admit to sharing their login information with family members so they can access their computers, smartphones and tablets.”

One in five respondents said they would sell their login credentials for the right price – like a year’s worth of mortgage or to pay off college loans. Talk about the rogue insider! I guess these people figure that if the information is being sold on the black market anyway, why not reap the rewards themselves?

What’s so surprising about these numbers is that the survey found that companies are pushing security education now more than ever, and on some level, it is sinking in. More than half of the respondents said that protecting the corporate data is very important (I’m guessing that number doesn’t include the group who sees dollar signs instead of login credentials). Yet they don’t put the same value on personal data; nor do they exercise those ethics, as they are not doing all they can to use best security and password practices.

Andre Durand, CEO of Ping Identity, said this in a statement about the study, and I agree with him wholeheartedly:

“No matter how good employees’ intentions are, this behavior poses a real security threat. IT continues to shoulder the burden of enabling mobility in a secure manner and educating employees on safe online behavior, but those efforts are falling short, too. This is a defining moment for CISOs and CEOs, and tackling these pervasive disconnects will require both to come together to rethink how they ensure that the right people have access to the right data from any device, no matter where they are.”

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba

Dec 26, 2015 11:40 PM Hitoshi Anatomi says:
Being able to create strong passwords is one thing. Being able to recall them is another. And, being able to recall the relations between the accounts and the corresponding passwords is yet another. At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts. Incidentally, biometrics are dependent on passwords registered in case of false rejection in the cyber space. So are multi-factor authentications and ID federations like password-managers and single-sign-on services. And, in a world with passwords killed dead, we have no safe sleep. Passwords will stay with us for long.
Jun 1, 2016 8:53 PM MCat1976 says:
This was helpful.
