Research shows that punters never learn when it comes to remembering and devising passwords
We live in a world where increasingly suffer from a kind of digital dissociative identity disorder where we have multiple personalities depending on which application we’re using, and numerous passwords to unlock these alter egos. According to research from unified identity management specialist Centrify, this can cost a business with 500 staff more than £130,000 a year.
The lost productivity stems ironically from best practices which, assuming it is put to use, results in numerous passwords being devised for all of the applications and websites that form part of our lives. Alternatively, using the same or similar passwords for every logon screen opens up the business to even greater dangers.
To be safe, every time a password is requested, it should bear little or no relationship to any other character string, we may have used in the past. Remembering all of these is impossible, especially those devised for sites that are rarely visited. Writing them down in a notebook is strictly forbidden.
Whatever the truth of the matter Centrify’s research estimates that the average employee wastes £261 a year trying to manage the problem.
“In our new digital lifestyles, which see a blurring of the lines between personal and professional lives, we are constantly having to juggle multiple passwords for everything from email and mobile apps to online shopping and social media,” says Barry Scott (pictured), Emea chief technology officer for Centrify. “According to our survey, over a quarter of us now enter a password online more than 10 times a day, which could mean 3,500 to 4,000 times a year. This is becoming a real challenge for employers who need to manage security and privacy concerns and for employees who are costing their companies time and money.”
The problem is distorting our sense of reality with 39 percent of the respondents claiming that forgetting a password for an online account is more annoying than misplacing their keys, mobile phone battery running out of power (37%), or getting spam email (31%). In the “bordering on a basket case” department, one in six people would rather sit next to someone talking loudly on their mobile phone, 13 percent would rather spend an hour on the customer service line, and 12 percent would prefer to suffer the crying of a baby on a flight than have to manage all of their passwords.
In some cases finding lost password is impossible and 38 percent of the sample said they have accounts they can access anymore because of a forgotten password and 28 percent get locked out at least once a month because they ran out of “tries” when attempting to recall a forgotten login code.
When it comes to best practice, not many people appear to be adhering to the rules. Only one in five people said they change their passwords at least once a month and a mere eight percent change them every week.
It’s hardly surprising that the majority of people asked had little faith in their own password security. With only 15 percent boasting that their passwords were “very secure”.
Criticism of password security is a perennial subject for the press and the situation always seems to get worse rather than better. Almost half of the respondents (42%) claimed they had to open a new account profile every week and 14 percent believed they would have over a hundred passwords to deal within the next five years. Despite these claims, 47 percent of the sample believe that they only had five profiles to handle, but around 25 percent said they have 21 or more.
Andy Kellett at analyst firm Ovum, commented, “When it comes to providing safe access to what should be highly-secure business systems the password model is no longer fit for purpose. It remains the primary security tool for businesses in environments where other authentication options should be considered. We used to go to work and stay in one place. Now we are just as likely to be working from a remote office, on the train, or at home and simple passwords are neither robust nor secure enough to support secure, remote access.”
Just to show how serious the situation is Widmeyer, the company that conducted the survey, as the respondents what they do to ensure that they can remember their passwords. The results were horrifying, as might be expected.
The top five solutions were to always use the same password whenever possible, to cycle through a variety of passwords derived from a simple formula, to carry around a book of passwords, to use personal information within a password, and to avoid using symbols or mixing upper and lowercase characters.
Centrify’s solution is to adopt password management to take some of the stress away from the users. Cloud-based and premises-based products are available from Centrify and numerous other password management vendors.
The survey was devised by Centrify and Widmeyer to determine the efficacy of passwords in the workplace. The questionnaire was completed by 1,000 participants in the UK and another 1,000 in North America. There was no apparent difference in the responses from the two geographical areas.