Think those top-level passwords are barring the door to your company’s most sensitive information? Think again. In a recent survey, one in three IT administrators said that they or one of their colleagues have used top-level admin passwords to pry into confidential or sensitive information at their workplace. Nearly half also confessed that they have poked around systems for information not relevant to their jobs.
Cyber-Ark, a Newton, Mass.-based maker of password file security management software, polled about 300 senior IT professionals at a London security conference, asking them a dozen questions about their password practices. The majority said they work for companies with more than 1,000 employees.
The fact that a third acknowledged they had abused an admin password to access out-of-bounds information shouldn’t surprise anyone, said Adam Bosnian, VP of product strategy and sales for Cyber-Ark. “Admin passwords not only give administrators a lot of power, they also provide a lot of anonymity.” That combination is too tempting for some to fight, he added.
The poll also revealed behaviour that wouldn’t make any security best practices lists. Almost a third of the IT professionals polled said that they’d written privileged passwords on paper, while nearly one in ten admitted that they never changed critical passwords.