Password Perplexity

Since October is security awareness month, and I’ve been too busy to make up the usual daily tip, here is amonth’s worth all in one go, brought to you by SecurityWeek.   Time to take a cold hard look at your Internet password habits.  As the article states, ANY account is of value to an attacker, either as a beach-head, as a point of impersonation for fraud, as a place to brute-force test passwords that other sites might report or block access to as a result, or conducting other nefarious operations.

Among the findings:

  • 4 in 10 respondents shared passwords with at least one person in the past year.
  • Many people use the same password to log into multiple Web sites, potentially exposing their info on each site. (A separate recent study revealed that 75% of people use the same password for Social Networking Sites and their email accounts)
  • Almost half of all users never use special characters (e.g. ! ? & #) in their passwords.
  • 2 in 10 have used a significant date, such as a birth date, or a pet’s name as a password – info that’s often visible on social networks.
  • 18 to 29 year-olds are especially likely to take online security risks:
    • 12% have shared a password in a text message (vs. 4 percent overall)
    • 30% logged into a site requiring a password over public WiFi.
    • 54% have shared passwords with one or more people in the past year (vs. 41 percent of people overall)

Consumers still think they are safe, with 50% saying they feel their passwords are very secure:

  • 86% do not check for a secure connection when accessing sensitive information when using unfamiliar computers.
  • 14% never change their banking password.
  • 30% write down their passwords and hide them somewhere like a desk drawer.
  • 41% use the same password for multiple accounts.
  • 16% create passwords with more than 10 characters in length.
  • 41% have shared passwords with one or more people in the past year.
  • 47% use their Facebook password on other accounts.
  • 62% of Facebook users never change their password!!

The article also offers some password sanity saving tips.  SecurityWeek