Brits guard Facebook passwords more than work logins – survey
Too many of the damn things to remember
A survey of UK consumers revealed many are far more careful with their social network login credentials than passwords that grant access to corporate systems.
A third - 34 per cent - of 2,000 people quizzed admitted sharing their work passwords, but 80 per cent of the same group were unwilling to reveal their Facebook login details.
The survey, commissioned by cloud security firm Ping Identity, suggests that the use of multiple passwords is posing a security risk to individuals and businesses alike.
More than half of the punters polled need to remember four or more different passwords daily, something that seems to be tricky for many. More than half (61 per cent) of those surveyed admit they write down their passwords in order to remember them. One of five (21.6 per cent) needed to remember more than eight different passwords.
Complex password policies often dictated by businesses and online retailers have added to password headaches. More than half (53.5 per cent) of consumers are required to change their passwords on a regular basis, so 60 per cent restrict themselves to number and letter combinations that are easily forgotten. Worse still, in an effort to reduce the amount of complex passwords they need to remember, consumers often reuse passwords across multiple sites.
“The more passwords we’re forced to remember, the more we’re likely to forget, or write down in an effort to ensure we always have access to the accounts that matter,” said John Fontana of Ping Identity*. “Not only does this leave individuals open to fraudulent activity and exposes the businesses they work for, but it also highlights the value we place on different passwords.”
A fault with the default password
Another password-related study out this week reveals that although users generally want stricter security policies, they rarely bothered changing the default passwords, contrary to common sense.
Less than 30 per cent of the 460 respondents to a survey ran by password recovery business ElcomSoft claimed they have never forgotten a password. The remainder admitted forgetting login credential either because of infrequent use (28 per cent), not writing their password down (16 per cent) or because the password had slipped their mind while they were off work on a holiday (13 per cent).
A quarter of those quizzed said they changed their passwords regularly, while a further 25 per cent change their passwords infrequently. The remaining half change their passwords either sporadically or almost never.
The poll revealed a serious issue with default passwords - whether automatically generated or assigned by hand. Around a quarter (28 per cent) of respondents always change the default password, while more than 50 per cent would usually keep the assigned one.
ElcomSoft counsels against this lax attitude. "Using default passwords is dangerous, even though they might be complex, simply because you can easily find lists of passwords in the internet," explained ElcomSoft spokeswoman Olga Koksharova. "A really strong password should be not only long and complex, it should be unique."
Most respondents to the survey (61 per cent) weren’t happy about their organisations’ security policies, being in either full or partial disagreement with their employer’s current policy. Three-quarters (76 per cent) of all respondents indicated they wanted a stricter security policy.
A series of pie chart illustrating the main findings of ElcomSoft's survey can be found here [PDF]. ®
* Ping Identity markets services designed to reduce the number of passwords staff at its corporate clients need to remember, so it has a vested interest in talking up the problem that multiple passwords can create. This doesn't mean it's wrong though.
Same. I run the risk that someone could log on to a lot of forums and post drivel but honestly that'd just be saving me some effort.
our network forces us to use semi- complex passwords (>8 chars, upper/lowercase mix, at least one letter/number/symbol used) and they force us to change them every 30 days... but remind us that it needs changing after 15 days. does my head in. no way i remember a different complex password every month, so i use the same one everyone, just add the month name to the end each time.
whereas Facebook, i don't have to change that password, so i took the effort to make a 14 character one that's completely random.
i think our password security at work is too much, it encourages us to take shortcuts.
Re: Remembering a password is no harder than remembering a phone number
I just checked. I have 51 login/password combinations recorded on a file that i keep "somewhere". Many of these are not used often enough for me to remember. A lot of them are passwords that were forced on me by the site and are next to impossible to remember. not the same as phone numbers at all. I'm retired, and a lot of us oldies use the web a lot, but our memories are not as good as they once were. So don't tell us to start remembering lots of passwords, 'cos it ain't going to happen.