How often are passwords to privileged accounts changed?
Jun 04, 2013
Passwords to privileged accounts -- including default passwords in hardware and software and application backdoors as well as administrative accounts -- are the keys to the kingdom for intruders who target these accounts to get wide-ranging access to IT systems.
A survey of IT security professionals and C-level executives by the information security company Cyber-Ark shows organizations struggling with the management of these accounts. Passwords too often are shared and too infrequently changed. Many organizations do not have a clear understanding of how many of these accounts they have or where they are.
The survey includes responses from 236 people, just 21 of them from U.S. federal and state government agencies, so the results probably are more anecdotal than statistically significant. But they suggest that government is doing a much better job in at least one area, preventing the sharing of these sensitive passwords. Overall, 51 percent said they allow shared passwords, but only 19 percent of government respondents said they do.
-- William Jackson