Sophos is reporting that the results of one of its online surveys show that only 19 percent of respondents are using passwords properly, meaning a separate password for every site they log in to.
The numbers come from a small sample. Scale them up to the U.S. online population under a few assumptions, though, and they are downright scary.
The Sophos survey was taken by 676 people. Asked “Do you use the same password for multiple websites?”, 48 percent said they “use a few different passwords,” 33 percent said “Yes, all the time,” and 19 percent said “No, never.”
So let’s play with these numbers, focusing on the 33 percent who use the same password for everything. There are 303,824,646 people in the United States, based on a 2008 U.S. Census estimate. Of that number, 72.5 percent are online, which is 220,141,969 Internet users (source: www.internetworldstats.com).
If every U.S. Internet user took the Sophos survey and the responses broke down the same way, then 72,646,850 users are using the same password day in and day out on every site that requires one. That number is far more frightening than 223, the number of people who make up the 33 percent in the Sophos survey.
Even if the real figure is far lower than 33 percent, it stays ugly. At seven percent, 15,409,940 Internet users surf the Web using the same password for everything. Take it down to almost nothing, a single percent of U.S. Internet users, and it is still a frighteningly high 2,201,420 users.
The good news is that those numbers are hypothetical. The bad news is that the underlying point is legitimate: users do reuse one password everywhere, and some are willing to admit it. The survey did not ask why. The usual rationalisations are the mental blocks of “no one cares about my online account” and “it can’t happen to me,” backed up with “I’ve been online for years with no problems,” which forgets that it only takes one time.
“With social networking and other internet accounts now even more popular, there's plenty on offer for hackers and by using the same password to access Facebook, Amazon and your online bank account, you're making it much easier for them,” said Graham Cluley of Sophos. “Once one password has been compromised, it's only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain.”
There are lots of tricks and tips for password management. The worst choice, whatever the language, is a dictionary word: cracking tools work through wordlists in every common language, along with the usual capitalisation, digit-suffix and letter-for-number substitutions, so “Dragon99” falls almost as fast as “dragon.” Short passwords are out as well, because a handful of lowercase characters can be exhausted outright by brute force no matter how random they are.
“It's easy to understand why computer users pick dictionary words as they're much easier to remember,” continued Cluley.
“A good trick is to pick a sentence and just use the first letter of every word to make up your password. To make it even stronger, you can replace words like 'for' for the number 4, and this should give you peace of mind that your password won't be guessed,” he added.
“While there's still the issue of having to remember multiple passwords, there are some good password management systems that will encrypt all your passwords and only allow you to access them with the master password - of course, it's essential that this password is as strong as possible.”
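The following is an added example, not code from Sophos or The Tech Herald, that makes the two points above concrete: a dictionary word with digits and a short lowercase password both fall to cheap attacks, while a first-letter-of-sentence passphrase survives them, and a password reused on a second site turns one cracked hash into two compromised accounts. It assumes the sites store unsalted SHA-256 hashes (a weak but historically common choice, picked so the demo runs in about a second); the wordlist, user names and passwords are constructed for the example.

```python
"""Added example: dictionary and brute-force cracking against constructed hashes,
plus credential stuffing of a second site with whatever was recovered.

Assumptions: unsalted SHA-256 storage (weak; a real site should salt and use a
slow hash such as bcrypt or scrypt); the wordlist and accounts are constructed."""

import hashlib
import itertools
import string

# Constructed stand-in for a cracking dictionary (real ones hold millions of words).
WORDLIST = ["password", "letmein", "dragon", "monkey", "sunshine", "football", "welcome"]
LEET = str.maketrans("aeio", "4310")  # common letter-for-number substitutions


def digest(password: str) -> str:
    """Unsalted SHA-256, assumed to be what the example sites store."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def mangle(word: str):
    """Yield the variants a cracker tries for each dictionary word:
    case changes, leet substitutions, two-digit suffixes and recent years."""
    for base in (word, word.capitalize(), word.upper(), word.translate(LEET)):
        yield base
        for n in range(100):
            yield f"{base}{n}"
        for year in range(1980, 2011):
            yield f"{base}{year}"


def dictionary_attack(target: str, wordlist=WORDLIST):
    """Return (password, guesses) on a wordlist hit, else (None, guesses)."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if digest(candidate) == target:
                return candidate, guesses
    return None, guesses


def brute_force(target: str, max_len: int = 4, alphabet: str = string.ascii_lowercase):
    """Exhaust every lowercase string up to max_len; 26**4 is under half a million."""
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if digest(candidate) == target:
                return candidate, guesses
    return None, guesses


def crack(target: str):
    """Run the cheap attacks in order; return (password or None, total guesses)."""
    pw, n_dict = dictionary_attack(target)
    if pw is not None:
        return pw, n_dict
    pw, n_brute = brute_force(target)
    return pw, n_dict + n_brute


def first_letter_passphrase(sentence: str) -> str:
    """Cluley's trick: first letter of each word, with the word 'for' written as '4'."""
    return "".join("4" if w.lower() == "for" else w[0] for w in sentence.split())


def credential_stuffing(cracked: dict, other_site: dict) -> dict:
    """Given {user: plaintext} recovered from site A and {user: hash} from site B,
    return the site B accounts that open with the site A password (the reuse risk)."""
    return {u: pw for u, pw in cracked.items()
            if u in other_site and digest(pw) == other_site[u]}


# Constructed leaked hash table for "site A" and the same users' hashes on "site B".
SITE_A = {
    "alice": digest("Dragon99"),   # dictionary word, capitalised, digits appended
    "bob": digest("frog"),         # short and lowercase
    "carol": digest(first_letter_passphrase("My dog chased three cats for an hour")),
}
SITE_B = {
    "alice": digest("Dragon99"),   # reused on site B
    "bob": digest("frog2010"),     # different password on site B
    "carol": SITE_A["carol"],      # reused, but never cracked
}


def demo():
    """Crack site A, then try the results against site B; returns both outcomes."""
    cracked = {}
    for user, h in SITE_A.items():
        pw, guesses = crack(h)
        print(f"{user:6} {'cracked: ' + pw if pw else 'not cracked'} after {guesses} guesses")
        if pw is not None:
            cracked[user] = pw
    stuffed = credential_stuffing(cracked, SITE_B)
    print("site B accounts opened with site A passwords:", stuffed)
    return cracked, stuffed


if __name__ == "__main__":
    demo()
```

Running it shows alice falling inside the first couple of thousand guesses and bob inside a few hundred thousand, both trivial on any laptop, while carol's "Mdctc4ah" is outside both search spaces. Because alice also used "Dragon99" on site B, one leak from site A opens her account there too, which is exactly the chain Cluley describes. Note that a site using salted, slow hashing would multiply the attacker's cost per guess, but it would not save a password that is in a wordlist.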
For some extra tips and tricks, see the related articles below.
The Tech Herald: Do you use any of these passwords? Change them if you do
The Tech Herald: Personal information and how to protect it
The Tech Herald: Passwords - friend or foe?
The Tech Herald: The mental blocks of security
The Tech Herald: Security myths you should know