"Only 54% of Security Pros Have a Written Policy on Length and Randomness for Keys for Machine Identities"
In a new survey of 1500 IT security professionals, researchers discovered that about half (54%) of organizations have a written policy on length and randomness for keys for machine identities, but 85% have a policy that governs password length for human identities. The researchers also found out that less than half (49%) of organizations audit the length and randomness of their keys, while 70% do so for passwords. Only 55% of organizations have a written policy stating how often certificates and private keys should be changed, while 79% have the equivalent policy for passwords. Out of the 1500 participants, only 42% of organizations they worked for automatically enforce the rotation of TLS certificates, compared with 79% that automatically enforce the rotation of passwords.