ElcomSoft Discovers Most of Its Customers Want Stricter Security Policies but Won’t Bother Changing Default Passwords

Share Article

Most people working with sensitive information want stricter security policies but rarely bother changing default, automatically generated and assigned passwords, as discovered by ElcomSoft Co. Ltd. after conducting a research and running a quiz on its Website. A major player in the password recovery business, ElcomSoft was asking its customers on their IT security-related habits, and collected information on how people are using passwords and approach IT security issues in general. With more than 460 responses collected so far, ElcomSoft gathered a statistically significant sample, allowing the company get some interesting conclusions.

ElcomSoft Co. Ltd.

Most people working with sensitive information want stricter security policies but rarely bother changing default, automatically generated and assigned passwords, as discovered by ElcomSoft Co. Ltd. after conducting a research and running a quiz on its Website. A major player in the password recovery business, ElcomSoft was asking its customers on their IT security-related habits, and collected information on how people are using passwords and approach IT security issues in general. With more than 460 responses collected so far, ElcomSoft gathered a statistically significant sample, allowing the company get some interesting conclusions.

About the Research

To collect the responses, ElcomSoft was running a questionnaire on its Website during the last few months. After gathering a statistically significant sample, the company compiled the data into series of charts, discovering interesting information about its customers’ habits and preferences in regards to IT security.

Less than 50% of all respondents come from Computer Law, Educational, Financial, Forensics, Government, Military and Scientific organizations. The larger half of respondents comes from ‘Other’ type of organizations.

Less than 30% of respondents indicated they have never forgotten a password. Most frequently quoted reasons for losing a password to a resource would be infrequent use of a resource (28%), not writing it down (16%), returning from a vacation (13%).

Only about 25% of all respondents indicated they change their passwords regularly. The rest will either change their passwords infrequently (24%), sporadically or almost never.

The quiz revealed a serious issue with how most respondents handle default passwords (passwords that are automatically generated or assigned to their accounts by system administrators). Only 28% of respondents would always change the default password, while more than 50% would usually keep the assigned one. In ElcomSoft’s view, this information should really raise an alert with IT security staff and call for a password security audit. ElcomSoft offers a relevant tool, Proactive Password Auditor, allowing organizations performing an audit of their network account passwords.

Unsurprisingly for a sample with given background, most respondents weren’t happy about their organizations’ security policies, being in either full or partial disagreement with their employer’s current policy (61%). 76% of all respondents indicated they wanted a stricter security policy, while 24% would want a looser one. The surprising part is discovered in the next chart: of those who are fully content with their employers’ security policies, only 11% would leave it as it is, 20% would vote for a looser policy, and 69% would rather have a stricter security policy.

The complete results and charts are available at http://elcomsoft.com/quiz-charts.html

About Proactive Password Auditor

Elcomsoft Proactive Password Auditor helps network administrators to examine the security of their networks by executing an audit of account passwords. By exposing insecure passwords, Proactive Password Auditor demonstrates how secure a network is under attack.

About ElcomSoft Co. Ltd.

Established in 1990 in Moscow, Russia, ElcomSoft Co.Ltd. manufactures state-of-the-art computer forensics tools and provides computer forensics training and computer evidence consulting services. Since 1997, ElcomSoft was serving the needs of businesses, law enforcement, military, and intelligence agencies. ElcomSoft tools and products are used by most of the Fortune 500 corporations, multiple branches of the military all over the world, governments, and all major accounting firms. ElcomSoft and its officers are members of the Russian Cryptology Association. ElcomSoft is a Microsoft Gold Certified Partner and an Intel Premier Elite Partner.

###

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Olga Koksharova
Visit website