Administrators change their security credentials less frequently than user passwords, survey at RSA Conference finds
IT administrators are being urged to practice what they preach and update corporate passwords as frequently as they recommend employees do.
A study by cyber security firm Lieberman Software discovered that more than half (55 percent) of IT professionals make their users change their passwords more regularly than they change administrative credentials.
Lieberman’s survey, conducted at last month’s RSA security conference, found that a worrying 10 percent of admins reported never having changed administrative credentials at all, and 74 percent only changed passwords on a monthly basis, and sometimes even less than this.
The study also revealed that nearly a third (36 percent) publicly shared passwords amongst other member if the IT staff.
Worryingly, a further 15 percent believed that they would be able to gain remote access to corporate networks using their admin credentials if they were to leave the company.
“Administrative passwords are the most powerful credentials in an organisation – the keys to the IT kingdom,” said Philip Lieberman, President and CEO of Lieberman Software.
“The fact that 10 percent of IT professionals admitted that they never change these credentials is astounding. It’s almost like an open invitation to hackers to come in and stay a while. In the meantime, the intruders are nosing their way around the network. They can anonymously help themselves to information and remain undetected until it’s too late.”
Sadly, this isn’t the first password vulnerability story to hit the IT industry in recent months, as users somehow still remain immune to persuasion.
A survey carried out by LastPass last month found that more than half of Brits share passwords that could put their financial information at risk despite three quarters acknowledging such practices are dangerous.
This included a whopping 96 percent of respondents who said that they have shared up to six passwords with others, with 72 percent sharing such credentials verbally.
Another recent study from Kaspersky also found that nearly half of Internet users admitted to having shared their passwords with somebody or leaving them visible for people to see, opening them up to serious risk of compromise or attack.