View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Half of servers have more than 30 users with default passwords, says IBM

Study of servers audited by PowerTech shows firms failing to get the basics right.

By CBR Staff Writer

Half of servers have more than 30 users whose passwords are set to the defaults, according to a study from IBM.

The computing multinational studied data from over 200 audited servers and partitions, finding that 39% do not require users to have a digit in their passwords, with a quarter of the systems never requiring that users change their login credentials.

PowerTech’s Robin Tatam, director of security technologies and author of the study, said: "Many organisations focus on external threats, but current and former employees are often responsible for data loss or theft, whether intentionally or not."

The study found one of the servers had recorded more than two million sign-on attempts with a single profile, while in a system with almost 2,000 users only a hundred had changed their password from the default.

An average of 240 profiles had not signed on in the past month on each system, with 140 of those remaining enabled and ready for use. Only a third of servers studied had put an exit mechanism in place.

Almost all the systems studied failed to prevent users from accessing critical data, despite all systems having been audited by PowerTech’s Compliance Assessment in 2013.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.