City of London workers fail to follow basic password security rules, with 27 per cent using real words, almost half using words of fewer than eight characters and 20 per cent using the same passwords for personal and business use. Almost a third admit that they share their passwords with colleagues.
A survey carried out in London’s Square Mile found nearly 80 per cent of people have no additional level of security and use only passwords to log on to their work PC. While 40 per cent of respondents said they changed their passwords every month, 17 per cent of people admitted to keeping a list of their passwords.
Alan Paller, director of research at security research organisation the SANS Institute, said: “The old adage is that financial institutions have the highest security standards because of the value of what they protect. This is not a failure of policy.
“It is a failure of technology to implement policy – the technology exists for these people to be forced to adopt safer passwords. The problem with security is that we’ve made it hard for people, therefore they won’t do it. When it is made easy, people will do it.”
“Financial institutions should be among the most diligent organisations in the world when it comes to IT security. The findings of our latest password survey therefore make for interesting reading, originating as they do from one of the world’s financial hubs,” added Joe Baguley, global product director, Quest Software.
IT departments provide only 16 per cent of passwords, with the remainder being made up by users.
Poor password practice leaves London City workers wide open
By Ambrose McNevin on Oct 25, 2006 8:42AM