One-quarter of IT professionals have known a co-worker who snooped into sensitive data using privileged credentials, a survey from identity management vendor Lieberman Software recently found. It appears, based on the study, that IT pros are guilty of many of the same password short-cuts commonly taken by end users, reports Mathew J. Schwartz at InformationWeek.

Changing passwords frequently and using long, random passwords are security recommendations that have been known for a long time. Nonetheless, one-fourth of the 300 IT pros surveyed reported that some privileged passwords for all-access rights to databases, applications and hardware at their organizations were simpler than end-user password requirements.

More than 40 percent of the respondents said that IT workers share passwords and access to applications and systems. When superuser passwords are freely shared, it can be tough to trace inappropriate access to sensitive data.

IT groups can also be guilty of leaving hardware and software with their factory default passwords or changing a fleet of equipment to the same password. Nearly half of those surveyed said that administrators' passwords were not changed for at least 90 days.

One of the reasons IT pros share passwords likely is that they are required to access so many different systems on a regular basis. "The issue has to do with the proliferation of systems, and the IT groups not having the resources to manage what's on their plate," Philip Lieberman, president and CEO of Lieberman Software, said. "This is an issue involving lack of adoption of technology, but also a lack of awareness at a senior level as to how bad the problem has gotten."

For more, see:
-Mathew J. Schwartz's article at InformationWeek

Related Articles:
Not-so-conventional wisdom on password management
Fired Ga. man crashes ex-employer's VMware systems