Across the world, more companies in Asia subscribe to frequent password changes than their counterparts in Europe and the Americas.
According to the annual RSA Security Password Management Survey, 39 percent of business users in the Asia-Pacific region are required to change their passwords monthly, compared to 34 percent in Europe and 23 percent in the United States.
Over 1,340 respondents participated in the survey conducted last month, which for the first time polled respondents outside the United States. Participants from the United States and Canada made up about half of the respondents, while Europeans and Asians each accounted for 21 percent of the total surveyed.
Globally, 36 percent of users reported having to manage more than 15 passwords at one time to access various applications, and 18 percent manage between six and 15 passwords. According to an RSA statement, this scenario is similar to last year's.
John Worrall, the security vendor's senior vice president of marketing, noted in the statement that "business passwords remain one of the weakest links in the security chain", due partly to the number of passwords that end users are required to manage.
"Little has changed since 2005," Worrall said. "End-users are still managing an overwhelming number of passwords, and this is resulting in behaviors which open the door to security breaches and potential compliance issues."
Respondents from Asia reported the highest levels of awareness of breaches relating to the use of passwords--35 percent said they know of a corporate security breach that occurred as a result of a compromised password. About 33 percent of participants in Europe, and 14 percent in the United States, gave the same response.
The high number of passwords that users globally have to manage is apparently a source of annoyance. Some 12 percent of respondents from the Asia-Pacific region and 15 percent of users in the United States indicated that they were extremely frustrated over having to manage too many passwords at work. Only 14 percent from the Asia-Pacific region said they were not annoyed, compared to 17 percent in the United States and 23 percent in Europe.
The fewer, the better?
Ross Wilson, managing director for South Asia and India at RSA Security, told ZDNet Asia in an e-mail that enforcing best practices in password security would be more effective when organizations ease the need for users to remember multiple passwords.
"For example, with only one password to remember, it is more reasonable for you to require users to employ a strong password--one that contains multiple non-alpha characters--and expect that they will not write it down," Wilson said.
According to Wilson, a master password or single sign-on (SSO) would be the way to go to enforce best practices in password security. However, "password security is only one part of identity and access management" and SSO could be "susceptible to breach of security if strong authentication measures such as two-factor authentication, one-time passwords and mobile access codes are not put in place", he noted.