Enterprise security strategy - Password Strength Needs a Boost - eWeek Security Watch
Security Watch
SHARE
Facebook X Pinterest WhatsApp

Password Strength Needs a Boost

Written By
Brian Prince
Brian Prince
Oct 16, 2009
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

When it comes to passwords, users are often the weakest link in the chain.

According to a survey by researchers at the University of Wisconsin-Madison and IT University in Copenhagen found that just four percent of the people surveyed obeyed best practices for passwords. The survey focused on 836 staff members at company handling “very sensitive private information.”

What the academics uncovered was that just four percent of those surveyed obeyed best practice rules for passwords. Others frequently did not, doing things such as using the same passwords for different systems or writing their passwords down on post-it notes.

“On an average, respondents have different 4.1 passwords to logon to different computers and/or access different computer applications at work,” the researchers state in their paper. “If we include passwords used at home that number increases to 9. Eighteen percent of the respondents always use the same password to access the different computer systems, application or websites, 50% sometimes use the same password and sometimes another password, and 31% always use different passwords.”

This study comes on the back of an analysis of the strength of a batch of stolen passwords Acunetix. The company found similarly that many users were utilizing weak passwords to protect their Microsoft Hotmail accounts.

Just what to do about this, beyond continuing user education, is anybody’s guess. But the report from IT University and the University of Wisconsin-Madison suggests it may be time to abandon code words for pictures.

“There are also other solutions to overcome human limitations,” the report states. “For example several studies have shown that human beings are better at recognizing pictures than words or sentences and pictures are better stored in the long-term memory…Most efficient are two- or three step authentication methods, for example a combination of a token based ands knowledge-based authentication (for example a smart card in combination with a PIN number), a combination of biometrics and passwords, or a combination of token-based authentication and biometrics, depending

on the level of security needed.”

The question is, is your enterprise doing enough?
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information