U.S. Businesses Lose More than $200,000 Annually from Employees Struggling with Passwords
Centrify Survey Finds 38 Percent Don’t Use Passwords on Devices Accessing Work Data; One in Four Commit Cardinal Sin of Using Same Password Whenever Possible
October 14, 2014
SANTA CLARA, Calif. – Oct. 14, 2014 – A survey conducted by Widmeyer and sponsored by Centrify Corporation, the leader in unified identity management across cloud, mobile and data center, revealed that companies lose upwards of $420 of productivity annually per employee due to workers grappling with passwords; a loss equivalent to giving each employee two new iPhone 6’s every year. For a company with 500 staffers, the loss is equivalent to nearly $210,000 per year in productivity.
The survey also found that nearly one-third of sampled workers enter more than 4,000 passwords a year while accessing applications, wasting about 24 hours annually in the process. And while half of the respondents wrongly believe they have five or fewer online profiles, 37 percent actually create more than 50 new account profiles annually.
What’s more, employees’ poor password habits put their employers at risk, as nearly half of respondents use their personal devices for business purposes, and more than one-in-three do not use passwords on those devices, even though many keep office email, confidential documents, customer contact info, and budget information on them. These findings underscore a real need for a better approach to passwords, and beg the question: Can companies afford the double-whammy of security risk alongside the gouge in productivity?
“The results show that employees, regardless of how often they’re warned of the dangers to their data, opt for convenience over security,” said Jon Oltsik, senior principle analyst at ESG. “Between employees’ lack of diligent password use and their loss of productivity, it has never been more clear that the time has come for companies to move beyond relying on passwords for protecting their applications and data.”
The survey results further showcase the need to improve the way we engage with passwords:.
- While 53 percent of workers sampled say it’s completely their responsibility to keep the work data on their personal device safe, more than one third (38 percent) still don’t use passwords to protect their devices.
- People have very little faith in the absolute security of their passwords, as only 12 percent of respondents believe their passwords are very secure.
- People find forgetting passwords more annoying than misplaced keys, dead cell phone batteries and spam email.
“I think most would agree that passwords are broken, but it’s shocking when you quantify the magnitude of what passwords are costing organizations from both an efficiency and effectivity standpoint,” noted Centrify CEO Tom Kemp. “This underscores the demand for a better approach, whether that’s unified identity management with benefits like single sign-on and multi-factor identification for corporations, or new types of encryption systems for public websites. There are more reliable options available than ever before, so we should be asking ourselves what it’s going to take to make the move to better systems. Bottom line, it’s time to kill passwords.”
When asked how they remember account profile passwords, respondents confessed to the following top three password crimes:
- One in four admit to the cardinal sin of using the same password whenever possible
- Keeping a hand-written master book of passwords (29 percent)
- Rotating through a variety of similar passwords (30 percent)
The Widmeyer survey was developed to assess people’s engagement with, and perception of, passwords, in order to determine their efficacy in the workplace. The survey was completed in September 2014 with more than 1,000 participants in North America and 1,000 in the U.K. Results were similar across both regions. To download the full report, please visit: http://www.centrify.com/Password-Survey.
Centrify provides unified identity management across cloud, mobile environments and data center that deliver a single sign-on (SSO) for users and a simplified identity infrastructure for IT. Centrify’s unified identity management software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage an organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and mobile device management. Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent, while improving business agility and overall security. Centrify is used by more than 5,000 customers worldwide, including nearly half of the Fortune 50 and more than 60 Federal agencies.
For more information, please visit http://www.centrify.com/
Centrify is a registered trademark and Centrify Server Suite and Centrify User Suite are trademarks of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.
Ready to protect against the #1 Attack Vector?
Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.