The whole culture of Bring Your Own Device (BYOD) in the workplace has reignited the mobile device security debate. Although there are many ways to protect data, the first line of defence when a mobile device (be it a tablet or smartphone) is lost or stolen is almost always going to be a password of some kind. I'm not going to get into the relative merits of PINs and passwords against more robust methods of data protection, that's for another time, instead let's just focus on the use of passwords. Have you ever wondered how many people are actually using them at all, how many businesses require their BYOD employees to password protect them at the very least?

Fibrelink secures more than a million business devices worldwide, and has tapped into the data it gets from these to examine password usage in the enterprise and provide some answers to those questions. Unfortunately, the answers are not particularly comforting on the whole. The data reveals, for example, that the majority of businesses still only require a weak password and a surprising number require none at all.

OK, so how was the data obtained? Well, the password information was determined by analysing a random sampling of 1,000 of Fiberlink’s 5,000 customers or, put another way, 200,000 or so of the one million smartphones and tablets under Fibrelink management. A simple password was defined as being either a PIN or a string of letters, whereas a complex one contains a combination of alphabets, numbers and special characters.

And what did the data reveal? Well, some 15% of all devices sampled did not require a password at all. Of those where a password was required, the simple PIN is far and away the most popular password type with a staggering 93% using this option. Of these, only 27% have a PIN length greater than 5 characters. It doesn't take a genius to work out that this means only 7% of all the password protected devices in the data sample required either a complex or alphanumeric password string.

When it comes to industry type, healthcare was out front with password enforcement on 97% of their mobile devices, education trailed in last with just a 41% requirement. The public sector tended to use the most secure mobile device passwords, but don't get too excited as the stats reveal that only 18% of the devices in this sector used complex or alphanumeric passwords. Still, it sure beats the education sector which sits on a figure of just 1%.


Edited by happygeek: unstuck

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.