Feeds

Brits guard Facebook passwords more than work logins – survey

Too many of the damn things to remember

Seven Steps to Software Security

A survey of UK consumers revealed many are far more careful with their social network login credentials than passwords that grant access to corporate systems.

A third - 34 per cent - of 2,000 people quizzed admitted sharing their work passwords, but 80 per cent of the same group were unwilling to reveal their Facebook login details.

The survey, commissioned by cloud security firm Ping Identity, suggests that the use of multiple passwords is posing a security risk to individuals and businesses alike.

More than half of the punters polled need to remember four or more different passwords daily, something that seems to be tricky for many. More than half (61 per cent) of those surveyed admit they write down their passwords in order to remember them. One of five (21.6 per cent) needed to remember more than eight different passwords.

Complex password policies often dictated by businesses and online retailers have added to password headaches. More than half (53.5 per cent) of consumers are required to change their passwords on a regular basis, so 60 per cent restrict themselves to number and letter combinations that are easily forgotten. Worse still, in an effort to reduce the amount of complex passwords they need to remember, consumers often reuse passwords across multiple sites.

“The more passwords we’re forced to remember, the more we’re likely to forget, or write down in an effort to ensure we always have access to the accounts that matter,” said John Fontana of Ping Identity*. “Not only does this leave individuals open to fraudulent activity and exposes the businesses they work for, but it also highlights the value we place on different passwords.”

A fault with the default password

Another password-related study out this week reveals that although users generally want stricter security policies, they rarely bothered changing the default passwords, contrary to common sense.

Less than 30 per cent of the 460 respondents to a survey ran by password recovery business ElcomSoft claimed they have never forgotten a password. The remainder admitted forgetting login credential either because of infrequent use (28 per cent), not writing their password down (16 per cent) or because the password had slipped their mind while they were off work on a holiday (13 per cent).

A quarter of those quizzed said they changed their passwords regularly, while a further 25 per cent change their passwords infrequently. The remaining half change their passwords either sporadically or almost never.

The poll revealed a serious issue with default passwords - whether automatically generated or assigned by hand. Around a quarter (28 per cent) of respondents always change the default password, while more than 50 per cent would usually keep the assigned one.

ElcomSoft counsels against this lax attitude. "Using default passwords is dangerous, even though they might be complex, simply because you can easily find lists of passwords in the internet," explained ElcomSoft spokeswoman Olga Koksharova. "A really strong password should be not only long and complex, it should be unique."

Most respondents to the survey (61 per cent) weren’t happy about their organisations’ security policies, being in either full or partial disagreement with their employer’s current policy. Three-quarters (76 per cent) of all respondents indicated they wanted a stricter security policy.

A series of pie chart illustrating the main findings of ElcomSoft's survey can be found here [PDF]. ®

Bootnote

* Ping Identity markets services designed to reduce the number of passwords staff at its corporate clients need to remember, so it has a vested interest in talking up the problem that multiple passwords can create. This doesn't mean it's wrong though.

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.