Password Thefts Have Not Prompted Users To Change Password Habits
The newest big problem with data security is the same as the old big problem with data security. It’s the users. Specifically, it’s the fact that most people don’t bother to change their passwords more than once a year, if that frequently.
Data security is a major headache for all business owners, no matter the size of their company.
You can spend hundreds of thousands or even millions of dollars on a top-notch, state-of-the-art system, and still watch it all come tumbling down around you because someone used a dead-simple password or didn’t bother to change it periodically.
How bad is this new/old problem?
According to the most recent survey, fully 53% of users only change their passwords once a year or less. More than a quarter only change them when a system administrator instructs them to.
This is crazy, especially in light of the rapid increase in major security breaches in recent years. With all the high-profile hacks, often affecting hundreds of millions, if not billions, of users at a time, you’d think that the message would have sunk in by now. Password security matters. It’s important. It’s your first, best line of defense against a major security breach, yet none of that seems to matter. Users just aren’t responding.
It’s uncertain whether this is an education issue, or something else. At this point, it could come down to simple apathy. Since most users won’t be personally impacted by the consequences of a breach, there’s limited interest in working to prevent one.
To date, no one has come up with a good solution to this problem. But, based on the statistics, you can be almost certain that a significant portion of your workforce hasn’t changed their passwords in a while, and many of them are likely using passwords that would be child’s play for a hacker to work out.
That puts your company at risk, and it’s a ticking time bomb.