Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

Rainbow Technologies US Survey is Industry's Most Extensive on Password Security: Average User Maintains Five and a Half Passwords and More Than Half Write Them Down

A new US survey conducted in late June by Rainbow Technologies, Inc. (Nasdaq: RNBO) has found that the use of user names and passwords as a means of securing data and applications is both costly and insecure. More than 3,000 IT administrators, executive management and security professionals took part in the survey, one of the most extensive conducted on the usage of user names and passwords for security, from an initial pool of 24,000 individuals.

The respondents answered seven questions about their use of passwords. The results conclude that user names and passwords are inherently insecure and the sheer number of user names and passwords maintained by users, coupled with the frequency of changing individual user names and passwords, means this "free" method of authentication carries a high cost. Add the downtime associated with the inability of users to log in to business-critical data and applications, and there is a significant hidden cost to using user names and passwords in a variety of computing environments.

The survey results revealed:
· 55 percent of end users reported that they write passwords down at least once
· Nine percent of all users write every password down
· 40 percent of users share passwords, contributing to insecurity in VPN and SSL VPN environments
· The average user manages five and a half passwords, with over 24 percent having at least eight user names and passwords on their system at any one time
· 80 percent of respondents indicated that their organisations have implemented password-strengthening techniques (using "non-words" for passwords, or combinations of numbers and letters); and that this actually increases the likelihood that the password is written down or forgotten
· 51 percent of all users require IT help to access applications because they forgot the password

"This survey re-enforces the position of many security professionals that there are real costs, in lost productivity and security impotency, associated with user names and passwords," said IDC research director Charles Kolodgy. "These results should encourage enterprises to investigate the replacement of weak passwords with secure authentication tokens such as iKey. At a minimum, tokens should be fielded in highly vulnerable environments such as remote access."

"As more and more organisations use the Internet to deploy their core business applications, it is becoming apparent that current user name and password authentication techniques can leave the information exposed," said David M. Lynch, vice president of worldwide marketing, Rainbow Technologies. "This survey looks at the way that passwords are actually used today and identifies some of the areas where security is regularly compromised. Passwords are also expensive to maintain, with the cost of managing passwords estimated to be from $75 to $150 per user, per year which doesn't count lost productivity due to downtime as the user waits to access an application."

For a complete copy of the survey results, go to

What's Replacing Passwords?
A vast majority of SSL VPN appliances rely on user names and passwords for basic authentication. If they support an add-on authentication device, such as a random-number generator token, this new hardware significantly adds to the full deployment time and to the cost per user.

Authentication hardware devices, like Rainbow's iKey - a standard feature of the NetSwift iGate appliance - effectively eliminate the need for user names and passwords for secure remote access. A user's credentials for accessing applications remotely are passed along from the iKey. Instead of the application looking for a user name and password, the application only looks for the random string developed by the iKey and unlocked with a PIN. The two-factor authentication through the key occurs when the iKey (something you have) is inserted into the USB port and a simple PIN (something you know) is typed in and grants secure access to core business applications.

The iKey secures web and non-web applications in the NetSwift iGate's SSL VPN and Instant Private Web solution today, and can scale for use as a local desktop logon or anywhere a user name and password is used for access. IDC reports that the iKey is the worldwide market share leader for USB authentication tokens and this category is the fastest growing segment of the hardware authentication business, with a 92 percent compound aggregate growth rate (CAGR). A recent Yankee Group report on authentication technologies says that user names and passwords are expected to be the leading casualty in the authentication technologies market, which is expected to double from $1.4 billion this year to $2.8 billion by 2008.

Rainbow Technologies is currently conducting a European password survey and the results will be announced in September.


Rainbow Technologies contact: Dan Chmielewski / Andre Armstrong
Rainbow Technologies
Tel: +44 (0) 1932 579 200

Press contact:
Sarah Hewitt / Nicola Atkins
Tel: +44 (0) 1494 434 434

About Rainbow Technologies
Making security simple since 1979, Rainbow Technologies is a leading provider of proven information security solutions for mission-critical data and applications used in business, organisation and government computing environments. Rainbow has been breaking the security paradigm by making complex security simple to implement and use for more than two decades. With headquarters in Irvine, Calif., Rainbow maintains offices and authorised distributors throughout the world. More information can be found on the web site at

Rainbow Technologies and NetSwift iGate are trademarks of Rainbow Technologies, Inc. All other company and product names are trademarks of their respective organisations.

The Private Securities Litigation Reform Act of 1995 provides a "safe harbor" for forward-looking statements. Certain information contained in this press release and included in our Annual Report on Form 10-K and other materials filed with the Securities and Exchange Commission ("SEC") may contain, without limitation, statements regarding market share leadership, compounded aggregate growth rate, and competitive landscape. Actual results could deviate from these forward-looking statements which are made as of the date of this press release. The Company assumes no obligation to update information concerning its expectations.

# # #

This press release was distributed by ResponseSource Press Release Wire on behalf of Strategic Public Relations Ltd in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit