Fifty Two Percent of Organizations Require Only Passwords to Access Critical Data

Other key findings of the Aberdeen benchmark study include:

• 88 percent of enterprise users have multiple work-related passwords, averaging between five and six
• 64 percent of organizations do not even require users to change their passwords
• 45 percent of organizations allow standard dictionary terms (like “password”)
• 29 percent of organizations have no requirements for password length

"With the recent, well-publicized incidents of network and identity theft, companies need to put security first and require more than just passwords for user authentication," said Jackson Shaw, senior director, product management, Quest Software. "Helping our customers increase security and mitigate the risk associated with compromised confidential information has become a top priority at Quest. As a result, Quest offers solutions for two-factor authentication as well as single sign-on, provisioning, password management, role management, auditing and compliance reporting."

 Forty percent of those surveyed stated that risk from external users was the leading driver for current investments in strong user authentication, as opposed to risk from internal users, the leading driver for only 16 percent. This is a result of requiring organizations to provide more end users with expanded access – including remote employees, contractors, partners and customers. This expanded access can dramatically increase security breaches from external sources if stronger forms of authentication are not in place.

"Four-fifths of companies with top performance in the study have deployed one or more stronger, non-password methods of user authentication," said Derek Brink, vice president and research fellow for IT Security, Aberdeen Group. "In doing so they have also reduced the number of security-related incidents, improved their success with audit and compliance, and reduced the number of help desk calls and total management costs related to user authentication."

One solution for organizations needing to deploy two-factor authentication is Quest Defender, which uses a token or smart card to provide strong authentication for an organization’s IT infrastructure. By leveraging existing investments in Active Directory, supporting hardware tokens from multiple vendors, and supporting a range of software tokens, Defender provides a cost-effective means to increase security and to achieve and sustain compliance. For more information and to download a free evaluation copy, visit: www.quest.com/defender.

To download the entire Aberdeen Group report, "Strong User Authentication: Best-in-Class Performance at Assuring Identities," visit: www.quest.com/StrongUserAuthentication.

About Quest Software, Inc.

Quest Software, Inc., a leading enterprise systems management vendor, delivers innovative products that help organizations get more performance and productivity from their applications, databases, Windows infrastructure and virtual environments. Through a deep expertise in IT operations and a continued focus on what works best, Quest helps more than 90,000 customers worldwide meet higher expectations for enterprise IT. Quest provides customers with client management as well as server and desktop virtualization solutions through its subsidiaries, ScriptLogic and Vizioncore. Quest Software can be found in offices around the globe and at www.quest.com

# # #

Quest, Quest Software and the Quest logo are trademarks or registered trademarks of Quest Software in the United States and certain other countries. Other trademarks and registered trademarks are property of their respective owners.

Editorial Contact:
Lora Deeds
Quest Software, Inc.
614.726.4660
Lora.Deeds@Quest.com