Most IT professionals (55 percent) make their users change their passwords more often than they change administrative credentials.
A survey conducted by Lieberman Software at the RSA Conference 2016, which polled 190 IT pros, also discovered that a surprising 10 percent never change admin credentials at all. Almost half (45 percent) of respondents work in an organisation with at least 1,000 employees.
“Administrative passwords are the most powerful credentials in an organisation – the keys to the IT kingdom,” said Philip Lieberman, president and CEO of Lieberman Software. “The fact that 10 percent of IT professionals admitted that they never change these credentials is astounding. It's almost like an open invitation to hackers to come in and stay a while.”
Almost three-fourths (74 percent) of respondents change admin passwords monthly or less frequently. IT staff share the same password as 36 percent of employees in their organisations, and 77 percent feel that passwords are failing as a method of IT security.
Over half (53 percent) say that modern hacking tools could easily break passwords within their organisations, and 15 percent of respondents feel that if they left their organisation they could still remotely access the admin credentials.
Almost half (45 percent) don't feel their company is prepared to defend against a cyber-attack regardless of their IT security technology.