Report: 40% of IT security leaders don't change default admin passwords

Some 18% of IT professionals still use paper-based logbooks to manage privileged passwords, according to a One Identity report.

Video: Why all passwords are bad passwords. TechRepublic's Alison DeNisco explains why passwords make companies so vulnerable, best practices for keeping your password secure, and the next generation of biometric security.

Nearly 90% of IT security professionals say they face challenges managing privileged passwords, according to a One Identity report released Tuesday. This is a major issue, as eight out of 10 breaches involve privileged credentials, a recent Forrester report found.

In a global survey of 900 IT security professionals, 18% said they still use a paper-based logbook to manage privileged accounts, One Identity found. Meanwhile, 36% are using "equally inadequate" spreadsheets for tracking privileged accounts, according to the report. Some 67% of companies rely on two or more tools to manage these accounts, indicating widespread inconsistency in privileged access management.

Password change management also remains a problem: A whopping 40% of IT security professionals said they don't employ the basic best practice of changing a default admin password. And 86% of organizations surveyed said they do not consistently change the password on their admin accounts after each use.


IT faces challenges in monitoring admin accounts as well: 57% of professionals said they only monitored some privileged accounts, or did not monitor privileged access at all. And 21% said they are unable to monitor or record activity performed with admin credentials at all.

Gaining access to privileged accounts is the easiest way for cybercriminals to steal an organization's critical data and systems, One Identity noted in the report. "By not adhering to these best practices, privileged accounts are vulnerable to open the door to data exfiltration or worse, if compromised," according to a press release.

"When an organization doesn't implement the very basic processes for security and management around privileged accounts, they are exposing themselves to significant risk," John Milburn, president and general manager of One Identity, said in a press release. "Over and over again, breaches from hacked privileged accounts have resulted in astronomical mitigation costs, as well as data theft and tarnished brands."

Long, easy-to-remember phrases make the best passwords, experts say.

Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.

  • 88% of IT security leaders have trouble managing privileged passwords. -One Identity, 2017
  • 18% of IT security leaders said they still use a paper-based logbook to manage privileged accounts. -One Identity, 2017
  • 40% of IT security professionals don't employ the basic best practice of changing a default admin password. -One Identity, 2017