Survey finds poor password practices are rampant

Among the findings of the Webroot survey, four out of 10 respondents have shared passwords with at least one person in the past year; a similar percentage have used the same password to log into multiple websites; almost half of respondents never use special characters; and two in 10 have used a significant date or pet’s name as a password. All of these practices leave users exposed to cyber attacks.

In an interview with Infosecurity, James Reid, Webroot’s threat research manager, explained that there are a number of information security implications from this survey.

“There are several things that people need to be concerned about. The trend we are seeing is that people are not enforcing good password habits themselves. For example, they are using important dates when generating their passwords. What this means is that their social networking, email, and banking sites can be compromised. Contrary to common belief, criminals are interested in more than your banking site information. They are interested in your social networking and email sites.”

Younger people are more likely to use poor password security practices than older people. According to the survey, 12% of younger people (between the ages of 18 and 29) have shared a password in a text message, compared with 4% of all respondents; 54% of younger people have shared passwords with one or more people in the past year, compared to 41% overall; and 30% of younger people have logged into a site requiring a password over a public WiFi site, compared with 21% overall.

“A lot of the younger folks are accessing secure websites over WiFi. Unless they are familiar with how to determine whether their web browser is connecting securely or not, using it over WiFi can actually share your password in text with other people using the network. So they need to know how to use their browser and know when they are connecting securely versus connecting just over plain HTTP”, Reid said.

The number of websites requiring passwords has proliferated. In fact, 75% of those surveyed said that they have five or more online accounts that require passwords; 35% have 10 or more password-protected accounts; only 10% ensure they never use the same password on different accounts; and passwords are forgotten by over half of respondents.

Half of those surveyed believe their passwords are very or extremely secure. At the same time, 86% did not check for a secure connection when accessing sensitive information on unfamiliar computers; 14% have never changed their banking password; 20% have used a significant date in a password; and 30% remember their passwords by writing them down.

Reid offered a number of recommendations to improve password practices. “A few things that stand out are: make sure you don’t use the same password for more than one website; never save your password in your browser; don’t share passwords, whether it’s via text message or just giving them to someone else; ensure passwords are complex, not significant dates, such as birthdays or anniversaries; use a mnemonic to help you remember a password; and incorporate punctuation into passwords.”
