The explosion of passwords in today?s enterprise has created a sea of holes in the security infrastructure. Some CIOs have responded to the challenge by bringing in the lifeboats, figuratively speaking, but in many cases the password-related security risk remains largely unchecked and even ignored.

Whether out of denial, inertia or sheer work overload, many IT managers simply look the other way when it comes to ensuring password security. The upshot, in effect, is password malpractice. Thousands of points of possible network infiltration are left open to determined hackers and even disgruntled employees. One cracked or stolen password can undo all other security measures combined.

The magnitude of the problem is staggering. The majority of users now have more than six passwords, a third have more than 15, and IT administrators can have up to 100, according to industry estimates. The blame lies primarily with the proliferation of applications and Web-based services, each requiring its own user ID.

continued @