Survey Reveals People’s Bad Password Practices

SecurityWeek has posted about a recent password survey (commissioned by Webroot), which reveals some details about how common folk use their passwords. Overall I don’t find their findings to be groundbreaking, and although we know that many people are stupid about how they use their passwords, the statistics provided in the survey are a bit soft if you ask me. Some of these ‘results’ I take with a grain of salt, as I have done some of these things, yet don’t consider myself insecure: I do reuse SOME passwords (selectively), I do log in to stuff over public wifi networks (where appropriate – eg. SSL), and I have shared a password in the past year.  It all depends on how you do these things.

I won’t go into much detail, but these are some of what I think the most important points were:

• Almost half of all users never use special characters (e.g. ! ? & #) in their passwords, a simple technique that makes it more difficult for criminals to guess passwords.
• 86 percent do not check for a secure connection when accessing sensitive information when using unfamiliar computers.
• Almost half of Facebook users (47 percent) use their Facebook password on other accounts and 62 percent of Facebook users never change their password. (I consider this important as Facebook passwords are often targetted by phishing/malware)
• 30 percent remember their passwords by writing them down and hiding them somewhere like a desk drawer.

If I were able to do a large-scale survey, I’m sure I could come out with some more interesting results.