SHARE
Follow this article on Twitter Facebook LinkedIn Bookmark and Share
Home >> Integrating IT >> Project Management

Flunking the password test

Flunking the password test

By:  Gregg Keizer  On: 14 Jul 2008 For: CIO Canada Creator

In a recent survey, one in three IT administrators said that they or one of their colleagues have used top-level admin passwords to pry into confidential or sensitive information at their workplace.

THINK THOSE TOP-LEVEL PASSWORDS ARE BARRING THE DOOR TO YOUR COMPANY’S MOST SENSITIVE INFORMATION? Think again. In a recent survey, one in three IT administrators said that they or one of their colleagues have used top-level admin passwords to pry into confidential or sensitive information at their workplace. Nearly half also confessed that they have poked around systems for information not relevant to their jobs.

Cyber-Ark, a Newton, Mass.-based maker of password file security management software, polled about 300 senior IT professionals at a London security conference, asking them a dozen questions about their password practices. The majority said they work for companies with more than 1,000 employees.

The fact that a third acknowledged they had abused an admin password to access out-of-bounds information shouldn’t surprise anyone, said Adam Bosnian, VP of product strategy and sales for Cyber-Ark. “Admin passwords not only give administrators a lot of power, they also provide a lot of anonymity.” That combination is too tempting for some to fight, he added.

The poll also revealed behaviour that wouldn’t make any security best practices lists. Almost a third of the IT professionals polled said that they’d written privileged passwords on paper, while nearly one in ten admitted that they never changed critical passwords.


Sign up for our Newsletters
Tags: administrators, changed critical passwords, SENSITIVE INFORMATION, written privileged passwords
Close X












Close X
Print |  Views: 829   |   Rating:offoffoffoffoff  (0 votes)
Rate this article on a scale of
1 to 5 stars,5 being the best.



Close X
Page 1

Gregg Keizer Gregg Keizer is a contributor to the International Data Group (IDG) News Service, which publishes global technology stories from bureaus around the world to more than 300 publications in more than 60 countries.

Related Content

Nicolas Sarkozy falls prey to cybercrooks
Nicolas Sarkozy falls prey to cybercrooksFrench authorities tighten Internet banking security after it was revealed that hackers had stolen 'small sums of money' from the online bank account of the country's president
Why you shouldn't trust your users
Why you shouldn't trust your usersA famous experiment continues to show that people are willing to divulge the answers to questions about corporate security in exchange for a chocolate bar.
Usability critical for good mobile security
Usability critical for good mobile securityThe consequences of a data breach can be far-reaching and complex, but in almost every case the cause is simple. An employee, the 'average user', has either taken a shortcut around the security procedures or lost a device with critical data in a public place, or both.
Dan Swanson's Security Resources: #1
recently someone forwarded me a comprehensive survey of canadian it professionals that indicated there was a lack of information security guidance available for it and security professionals to follow. i strongly disagree with the point of view that more guidance is needed to operate a secure environment and implement secure systems and solutions, although certainly more papers on various challen

Comments (0)

No Comments!
Name: (required) eMail: (optional)

Your email address will not appear online and will be used only if the editor wishes to contact you personally for additional comments.