Related Links

Related Stories

Top 5 Stories


The contradictions of password psychology

22 February 2012

A new survey on attitudes towards passwords indicates an apparent contradiction: most people want stricter password security policies, but don’t bother changing their own default passwords.

This is the somewhat surprising result of a survey of its users undertaken by Elcomsoft, a Russian password audit/recovery company. Asked whether users are satisfied with their company’s password policy, 61% replied that they are not. The preference would be for stricter controls: only 24% would like a more relaxed policy, while 76% would opt for a more strict approach. This in itself is not surprising since Elcomsoft’s users, by definition, have an interest in password security.

However, the same respondents display a relaxed attitude towards their own password security. Only 28% of these will always change the supplied default password, while more than a quarter will usually leave it unchanged. 

The same users also show a high degree of trust in their colleagues’ security. Asked whether they would consider using a colleague’s laptop to access protected accounts (thereby entering their personal details on a computer that for all they know could be compromised), only 35% said they wouldn’t do it. A similar number replied that they trust their colleagues.

Elcomsoft believes that these results should raise a red flag to password administrators. Their users may show a high level of security awareness, but their behavior is different. "We have customers coming from forensic, intelligence, educational and corporate backgrounds", says Vladimir Katalov, ElcomSoft’s CEO. These results are, he admits, “surprising.” It may be one for the psychologists.

This article is featured in:
Encryption  •  Internet and Network Security  •  IT Forensics  •  Security Training and Education


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×