The Problem with Password Proliferation

THE PROBLEM WITH Password Proliferation Complex password policies are creating havoc in the workplace. The cost of common security measures may be more than you expect. 19 $5.5 MILLION The average cost per data breach for businesses in 2011 39% $174 Data breaches caused by negligent users cost companies an average of of data breaches caused by MALICIOUS ATTACKS are the result of negligence, including PASSWORD PER ΤHEFT. LOST RECORD O??? ??? ???? ???? ???? But we have password policies in place to help prevent this sort of thing, right? ??? '???? ???? ?? Character Witness 27% percentage of organizations that require their employees to remember six or more passwords. The average corporate user maintains 15 PASSWORDS within both the private and corporate spheres. If It Ain't Broke... 60 % of people say they cannot memorize all of their passwords. 61*) of consumers reuse passwords among multiple websites. Ch-Ch-Changes To help prevent brute-force EVERY attacks, your organization may 30 ТО 60 DAYS. LOCK YOUR ACCOUNT. How often many companies require users to change their password. Time to call IT.. Generally Speaking... Even Worse... 44 of consumers change their passwords only once a year. Most organizations are working across multiple applications, each requiring its own password. What do people use to remember their passwords? With whom have people shared their password with in the past? Memory 59% 26% Spouse Password management software 33% 12% System Admin Browser keeps track of my password 23% 10% A Friend Word document 11% 8% Co-worker on my computer Sticky note or typed list near my computer 7% 5% Bos 11% 57% None of the Above Other Cost of Recovery With so many passwords, users may opt to write them down and leave it out in the BETWEEN 10% AND 30% of all help desk calls are for password resets. This is my p@55wOrd open. Password reset costs range from $5110 $147 TO Even Worse... Some users may keep a spreadsheet of passwords on their computer. This one file can compromise enterprise identity security. FOR THE LABOR ALONE. The correlation between passwords and workplace productivity: 1 Employees who cannot remember passwords have to call help desks, burning time and money. 2 Forgetting passwords forces employees to go through self-service resets. Also, having to frequently change your password disrupts productivity. 2$ PASSWORD POLICIES SHOULD BE JUST AS STRONG AS NEEDED, NOT MORE. Sources http://www.symantec.com/connect/blogs/password-survey-results http://www.csid.com/wp-content/uploads/2012/09/CS_PasswordSurvey_FullReport_FINAL.pdf http://passwordresearch.com/stats/study76.html http://en.wikipedia.org/wiki/Single_sign-on http://www.emirates247.com/news/emirates/uae-internet-risk-employees-have-to-maintain-average-of-15-passwords-2012-10-13-1.478829 http://www.zdnet.com/blog/hardware/repeat-after-me-reusing-passwords-is-bad/10684 http://www.pcworld.com/article/150874/password_brain_power.html http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=ponemon-cost-of-a-data-breach-2011 http://www.cl.cam.ac.uk/~rja14/shb10/angela2.pdf Courtesy of Ping identity H23 THE PROBLEM WITH Password Proliferation Complex password policies are creating havoc in the workplace. The cost of common security measures may be more than you expect. 19 $5.5 MILLION The average cost per data breach for businesses in 2011 39% $174 Data breaches caused by negligent users cost companies an average of of data breaches caused by MALICIOUS ATTACKS are the result of negligence, including PASSWORD PER ΤHEFT. LOST RECORD O??? ??? ???? ???? ???? But we have password policies in place to help prevent this sort of thing, right? ??? '???? ???? ?? Character Witness 27% percentage of organizations that require their employees to remember six or more passwords. The average corporate user maintains 15 PASSWORDS within both the private and corporate spheres. If It Ain't Broke... 60 % of people say they cannot memorize all of their passwords. 61*) of consumers reuse passwords among multiple websites. Ch-Ch-Changes To help prevent brute-force EVERY attacks, your organization may 30 ТО 60 DAYS. LOCK YOUR ACCOUNT. How often many companies require users to change their password. Time to call IT.. Generally Speaking... Even Worse... 44 of consumers change their passwords only once a year. Most organizations are working across multiple applications, each requiring its own password. What do people use to remember their passwords? With whom have people shared their password with in the past? Memory 59% 26% Spouse Password management software 33% 12% System Admin Browser keeps track of my password 23% 10% A Friend Word document 11% 8% Co-worker on my computer Sticky note or typed list near my computer 7% 5% Bos 11% 57% None of the Above Other Cost of Recovery With so many passwords, users may opt to write them down and leave it out in the BETWEEN 10% AND 30% of all help desk calls are for password resets. This is my p@55wOrd open. Password reset costs range from $5110 $147 TO Even Worse... Some users may keep a spreadsheet of passwords on their computer. This one file can compromise enterprise identity security. FOR THE LABOR ALONE. The correlation between passwords and workplace productivity: 1 Employees who cannot remember passwords have to call help desks, burning time and money. 2 Forgetting passwords forces employees to go through self-service resets. Also, having to frequently change your password disrupts productivity. 2$ PASSWORD POLICIES SHOULD BE JUST AS STRONG AS NEEDED, NOT MORE. Sources http://www.symantec.com/connect/blogs/password-survey-results http://www.csid.com/wp-content/uploads/2012/09/CS_PasswordSurvey_FullReport_FINAL.pdf http://passwordresearch.com/stats/study76.html http://en.wikipedia.org/wiki/Single_sign-on http://www.emirates247.com/news/emirates/uae-internet-risk-employees-have-to-maintain-average-of-15-passwords-2012-10-13-1.478829 http://www.zdnet.com/blog/hardware/repeat-after-me-reusing-passwords-is-bad/10684 http://www.pcworld.com/article/150874/password_brain_power.html http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=ponemon-cost-of-a-data-breach-2011 http://www.cl.cam.ac.uk/~rja14/shb10/angela2.pdf Courtesy of Ping identity H23