Brits guard Facebook passwords more than work logins – survey
Too many of the damn things to remember
A survey of UK consumers revealed many are far more careful with their social network login credentials than passwords that grant access to corporate systems.
A third - 34 per cent - of 2,000 people quizzed admitted sharing their work passwords, but 80 per cent of the same group were unwilling to reveal their Facebook login details.
The survey, commissioned by cloud security firm Ping Identity, suggests that the use of multiple passwords is posing a security risk to individuals and businesses alike.
More than half of the punters polled need to remember four or more different passwords daily, something that seems to be tricky for many. More than half (61 per cent) of those surveyed admit they write down their passwords in order to remember them. One of five (21.6 per cent) needed to remember more than eight different passwords.
Complex password policies often dictated by businesses and online retailers have added to password headaches. More than half (53.5 per cent) of consumers are required to change their passwords on a regular basis, so 60 per cent restrict themselves to number and letter combinations that are easily forgotten. Worse still, in an effort to reduce the amount of complex passwords they need to remember, consumers often reuse passwords across multiple sites.
“The more passwords we’re forced to remember, the more we’re likely to forget, or write down in an effort to ensure we always have access to the accounts that matter,” said John Fontana of Ping Identity*. “Not only does this leave individuals open to fraudulent activity and exposes the businesses they work for, but it also highlights the value we place on different passwords.”
A fault with the default password
Another password-related study out this week reveals that although users generally want stricter security policies, they rarely bothered changing the default passwords, contrary to common sense.
Less than 30 per cent of the 460 respondents to a survey ran by password recovery business ElcomSoft claimed they have never forgotten a password. The remainder admitted forgetting login credential either because of infrequent use (28 per cent), not writing their password down (16 per cent) or because the password had slipped their mind while they were off work on a holiday (13 per cent).
A quarter of those quizzed said they changed their passwords regularly, while a further 25 per cent change their passwords infrequently. The remaining half change their passwords either sporadically or almost never.
The poll revealed a serious issue with default passwords - whether automatically generated or assigned by hand. Around a quarter (28 per cent) of respondents always change the default password, while more than 50 per cent would usually keep the assigned one.
ElcomSoft counsels against this lax attitude. "Using default passwords is dangerous, even though they might be complex, simply because you can easily find lists of passwords in the internet," explained ElcomSoft spokeswoman Olga Koksharova. "A really strong password should be not only long and complex, it should be unique."
Most respondents to the survey (61 per cent) weren’t happy about their organisations’ security policies, being in either full or partial disagreement with their employer’s current policy. Three-quarters (76 per cent) of all respondents indicated they wanted a stricter security policy.
A series of pie chart illustrating the main findings of ElcomSoft's survey can be found here [PDF]. ®
* Ping Identity markets services designed to reduce the number of passwords staff at its corporate clients need to remember, so it has a vested interest in talking up the problem that multiple passwords can create. This doesn't mean it's wrong though.
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Max Schrems
- Palo Alto Networks
- Trusted Platform Module
- Zero trust