Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

Rainbow Technologies' Password Security Survey, the Industry's Most Extensive, Finds Many Users Writing Down or Sharing Their Usernames and Passwords

The results of a European user name and password usage survey conducted this summer by Rainbow Technologies, Inc. (Nasdaq: RNBO) has found that UK organisations are more security conscious with passwords than France and Germany. The survey also found that the use of user names and passwords as a means of securing data and applications is both costly and insecure, and the more organisations try to strengthen their password the higher the costs.

About 2,500 IT administrators, executive management and security professionals in Western Europe responded to the European survey, about 45 percent were British; French and German accounted for about 25 percent each; and other countries made up the remaining five percent.

The results of the survey closely mirror those from the recent North American survey of user names and password usage where over 3,000 people took part. The survey concludes that user names and passwords are inherently insecure. The higher number of user names and passwords maintained by European users, coupled with the higher frequency of changing individual user names and passwords, means this "free" method of authentication carries a high cost. Add the downtime associated with the inability of users to log in to business-critical data and applications, and there is a significant hidden cost to using user names and passwords in a variety of computing environments.

The main survey results revealed:

· 50.5 percent of users write passwords down at least once; nearly 5.5 percent of all users write every password down.

· More than 46 percent of users share passwords.

· The average user manages about 4.35 passwords with about 20 percent having nine passwords or more.

The survey revealed a number of differences between the countries:

· UK organisations change passwords more often than France and Germany. In the UK 45 percent of people are required to change their passwords more than seven times in a year, compared to 21 percent in France and 23 percent in Germany.

· The UK is also more stringent on what can be used as a password, with 51 percent of UK respondents required to use a mixture of letters and characters compared to just 28 percent in France. The use of the same password over again (i.e. when asked to replace the password, users can select one used before) was not allowed in 56 percent of the UK's respondents compared to only 22 percent in Germany.

· Nearly 40 percent of French respondents needed to access more than nine business applications yet only 19 percent of respondents had nine or more passwords. With the UK only 26 percent of respondents needed to access nine or more applications, yet 23 percent of respondents had 9 or more passwords.

· The sharing of passwords is much higher in Germany (57 percent) and France (52 percent) compared to the UK where only 39 percent of people share their passwords.

· The number of users requiring password resets is much lower in Germany (22 percent) and France (30 percent) than in the UK where 44 percent of respondents have needed to have their passwords reset over the past year.

The levels of password resets appear to reflect organisations policies towards passwords in each of the countries. We see a much higher level of passwords resets in the UK where organisations appear to be the most security conscious.

"This survey of European usage of user names and passwords underscores our contention that, as a security device, user names and passwords leave business-critical data and applications exposed and potentially compromised," said Gary Clark, vice president of sales and marketing, EMEA, Rainbow Technologies. "As more organisations use the internet and the web to deploy their core business applications, it is clear that the current user name and password authentication paradigm creates more costs and security holes than it solves, and a better solution is needed."

Keys are Better Than Passwords

User friendly authentication hardware devices, like Rainbow's iKey effectively eliminate the need for user names and passwords as a user's credentials for accessing applications are passed along from the iKey directly instead of a user inputting a user name / password combination. As the iKey is so small many users attach it to their key ring, which means that the number of users forgetting or losing iKey's is very small compared to old traditional tokens or smart cards. A finding from the survey showed that 94 percent of people hadn't lost their house keys in the past year.

The iKey is a standard feature that secures web and non-web applications in the NetSwift iGate's SSL VPN and Instant Private Web solution today. The iKey's versatility has allowed it to be integrated with many leading solutions including those that provide remote access, disk encryption, email signing and single sign on.

The full survey can be downloaded from:


Rainbow Technologies contact:

Dan Chmielewski / Andre Armstrong

Rainbow Technologies

Tel: +44 (0) 1932 579 200

Press contact:

Sarah Hewitt / Nicola Atkins


Tel: +44 (0) 1494 434 434

About Rainbow Technologies

Making security simple since 1979, Rainbow Technologies (Nasdaq: RNBO) is a leading provider of proven information security solutions for mission-critical data and applications used in business, organisation and government computing environments. Rainbow has been breaking the security paradigm by making complex security simple to implement and use. With headquarters in Irvine, Calif., Rainbow maintains offices and authorised distributors throughout the world. For more information, visit the Web site at

# # #

Rainbow Technologies, iKey and NetSwift iGate are trademarks of Rainbow Technologies, Inc. All other company and product names are trademarks of their respective organisations.

The Private Securities Litigation Reform Act of 1995 provides a "safe harbor" for forward-looking statements. Certain information contained in this press release and included in our Annual Report on Form 10-K and other materials filed with the Securities and Exchange Commission ("SEC") may contain, without limitation, statements regarding survey results, market share leadership, user name and password authentication techniques, and competitive landscape. Actual results could deviate from these forward-looking statements, which are made as of the date of this press release. The Company assumes no obligation to update information concerning its expectations.

This press release was distributed by ResponseSource Press Release Wire on behalf of Strategic Public Relations Ltd in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit