Cyber-Ark revealed the results of its annual survey, which illuminates the industry-wide struggle to share and manage administrative passwords safely and easily. The survey shows that the majority of IT professionals mismanage the storage of passwords by keeping them in inaccessible or unsecured locations.
A quarter admit that their IT staff can access the administrative passwords without permission. This is a serious oversight, because these are the most powerful and critical of all passwords: they override all the others and enable the “administrator” to access the network, systems and the very applications which provide the backbone of enterprises worldwide.
The survey of nearly 200 information technology (IT) security professionals, conducted at Europe’s largest information security event, Infosecurity, revealed:
– 28% of survey participants keep their administrative passwords in their heads and 38% still resort to writing down their passwords and storing them on paper!
– Less than a third (32 percent) are storing administrative passwords digitally. The remainder continue to use labor-intensive, manual processes, including paper copies stored everywhere from locked cabinets to physical safes.
– 22% of respondents estimate that their colleagues are still keeping passwords on Post-It Notes while 14 percent use unsecured Excel spreadsheet files – making it relatively easy for an infiltrator to access the administrative passwords.
– Only 40% of all security professionals change administrative passwords monthly or more frequently; 30% change them quarterly and a staggering 15% NEVER change IT administrative passwords.
– One in five companies have seen an increase in auditing of their security practices due to recent legislation.
– 33% admitted they don’t change their critical passwords as often as their policy suggests.