Feeds

Brits guard Facebook passwords more than work logins – survey

Too many of the damn things to remember

The essential guide to IT transformation

A survey of UK consumers revealed many are far more careful with their social network login credentials than passwords that grant access to corporate systems.

A third - 34 per cent - of 2,000 people quizzed admitted sharing their work passwords, but 80 per cent of the same group were unwilling to reveal their Facebook login details.

The survey, commissioned by cloud security firm Ping Identity, suggests that the use of multiple passwords is posing a security risk to individuals and businesses alike.

More than half of the punters polled need to remember four or more different passwords daily, something that seems to be tricky for many. More than half (61 per cent) of those surveyed admit they write down their passwords in order to remember them. One of five (21.6 per cent) needed to remember more than eight different passwords.

Complex password policies often dictated by businesses and online retailers have added to password headaches. More than half (53.5 per cent) of consumers are required to change their passwords on a regular basis, so 60 per cent restrict themselves to number and letter combinations that are easily forgotten. Worse still, in an effort to reduce the amount of complex passwords they need to remember, consumers often reuse passwords across multiple sites.

“The more passwords we’re forced to remember, the more we’re likely to forget, or write down in an effort to ensure we always have access to the accounts that matter,” said John Fontana of Ping Identity*. “Not only does this leave individuals open to fraudulent activity and exposes the businesses they work for, but it also highlights the value we place on different passwords.”

A fault with the default password

Another password-related study out this week reveals that although users generally want stricter security policies, they rarely bothered changing the default passwords, contrary to common sense.

Less than 30 per cent of the 460 respondents to a survey ran by password recovery business ElcomSoft claimed they have never forgotten a password. The remainder admitted forgetting login credential either because of infrequent use (28 per cent), not writing their password down (16 per cent) or because the password had slipped their mind while they were off work on a holiday (13 per cent).

A quarter of those quizzed said they changed their passwords regularly, while a further 25 per cent change their passwords infrequently. The remaining half change their passwords either sporadically or almost never.

The poll revealed a serious issue with default passwords - whether automatically generated or assigned by hand. Around a quarter (28 per cent) of respondents always change the default password, while more than 50 per cent would usually keep the assigned one.

ElcomSoft counsels against this lax attitude. "Using default passwords is dangerous, even though they might be complex, simply because you can easily find lists of passwords in the internet," explained ElcomSoft spokeswoman Olga Koksharova. "A really strong password should be not only long and complex, it should be unique."

Most respondents to the survey (61 per cent) weren’t happy about their organisations’ security policies, being in either full or partial disagreement with their employer’s current policy. Three-quarters (76 per cent) of all respondents indicated they wanted a stricter security policy.

A series of pie chart illustrating the main findings of ElcomSoft's survey can be found here [PDF]. ®

Bootnote

* Ping Identity markets services designed to reduce the number of passwords staff at its corporate clients need to remember, so it has a vested interest in talking up the problem that multiple passwords can create. This doesn't mean it's wrong though.

Next gen security for virtualised datacentres

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.