I came across a study yesterday about password management.  RSA Security funded a worldwide survey and their objective was to discover the level of frustration that end users endure while trying to manage work-related passwords.  The results overwhelmingly show that ways in which employees store and document their passwords can lead to serious IT security concerns. 

What struck my curiosity was that many companies fail to utilize strict password policies because of worker frustration.  57% of those surveyed said that they don’t require frequent password changes or rules on password characters and length.  They believe this will only make employees more resistant to password management and will increase the amount of password related support issues. 

Here are some other interesting results of the study:

  • 45% of U.S. participants are extremely concerned with the impact of passwords on IT security
  • 86% of U.S. participants are unaware of password related security breaches
  • 35% said they manage between 6–15 passwords
  • 83% of U.S. participants are extremely frustrated with managing passwords at work
  • Only 23% of U.S. participants are required to change passwords monthly
  • 66% of all those surveyed are aware of employees keeping a paper record of passwords

Courtesy of: The 2nd Annual RSA Security Password Management Survey. (August, 2006) Retrieved February 28, 2007, from http://www.rsa.com/products/SOM/whitepapers/PASSW_WP_0906.pdf

– Dan