Passwords are Not Enough
As a follow-up to the 10 Common Risks Employees Make That Put Data at Risk, another study recently showed that the majority of organizations require only passwords for employees to access critical data. In addition, the passwords in use were found to be quite weak.
Quest Software conducted a study on user authentication which showed that 52% of the 150 organizations surveyed rely on only basic user authentication (passwords) for access to critical data. Stronger forms of authentication would include hardware tokens, digital certificates or risk-based scoring.
Other findings from the study:
- 88% of enterprise users have multiple work-related passwords, averaging between five and six
- 64% of organizations do not require users to change their passwords
- 45% of organizations allow standard dictionary terms (like “password”)
- 29% of organizations have no requirements for password length
For those investing in stronger user authentication, greater risks from external users (remote employees, contractors, customers, etc.) have prompted them to act.
Setting up a strong user authentication plan is crucial, but for companies that are new to this area, the first and most basic step is to have your employees choose strong passwords. You can read more about that here.