ElcomSoft Discovers Most of Its Customers Want Stricter Security Policies but Won't Bother Changing Default Passwords

ElcomSoft Discovers Most of Its Customers Want Stricter Security Policies but Won't Bother Changing Default Passwords (PresseBox) (Moscow, Russia, ) Most people working with sensitive information want stricter security policies but rarely bother changing default, automatically generated and assigned passwords, as discovered by ElcomSoft Co. Ltd. after conducting a research and running a quiz on its Web site. A major player in the password recovery business, ElcomSoft was asking its customers on their IT security-related habits, and collected information on how people are using passwords and approach IT security issues in general. With more than 460 responses collected so far, ElcomSoft gathered a statistically significant sample, allowing the company get some interesting conclusions.

About the Research

To collect the responses, ElcomSoft was running a questionnaire on its Web site during the last few months. After gathering a statistically significant sample, the company compiled the data into series of charts, discovering interesting information about its customers' habits and preferences in regards to IT security.

Less than 50% of all respondents come from Computer Law, Educational, Financial, Forensics, Government, Military and Scientific organizations. The larger half of respondents comes from 'Other' type of organizations.

Less than 30% of respondents indicated they have never forgotten a password. Most frequently quoted reasons for losing a password to a resource would be infrequent use of a resource (28%), not writing it down (16%), returning from a vacation (13%).

Only about 25% of all respondents indicated they change their passwords regularly. The rest will either change their passwords infrequently (24%), sporadically or almost never.

The quiz revealed a serious issue with how most respondents handle default passwords (passwords that are automatically generated or assigned to their accounts by system administrators). Only 28% of respondents would always change the default password, while more than 50% would usually keep the assigned one. In ElcomSoft's view, this information should really raise an alert with IT security staff and call for a password security audit. ElcomSoft offers a relevant tool, Proactive Password Auditor, allowing organizations performing an audit of their network account passwords.

Unsurprisingly for a sample with given background, most respondents weren't happy about their organizations' security policies, being in either full or partial disagreement with their employer's current policy (61%). 76% of all respondents indicated they wanted a stricter security policy, while 24% would want a looser one. The surprising part is discovered in the next chart: of those who are fully content with their employers' security policies, only 11% would leave it as it is, 20% would vote for a looser policy, and 69% would rather have a stricter security policy.

The complete results and charts are available at http://elcomsoft.com/...

About Proactive Password Auditor

Elcomsoft Proactive Password Auditor helps network administrators to examine the security of their networks by executing an audit of account passwords. By exposing insecure passwords, Proactive Password Auditor demonstrates how secure a network is under attack.


ElcomSoft Co. Ltd.
Vřesovická 429/1
-15521 Praha
Olga Koksharova
ElcomSoft Co. Ltd.
Marketing Direktor


Social Media