Slashdot Mirror


Survey Shows How Stupid People Are With Passwords

wiredmikey writes "Another study was released today that once again shows how careless people really are online. When it comes to safeguarding personal information online, many people don't seem to care very much, or don't think enough about it. In the survey of more than 2,500 people, some interesting and scary trends were revealed in how users handle their online passwords..."

8 of 427 comments

  1. What about logging in over public WiFi? by Superken7 · · Score: 4, Insightful

    From TFA:
    "30 percent logged into a site requiring a password over public WiFi (vs. 21 percent overall)"

    So what? That's what SSL and Certificates are for. Entering your password in a public computer - well, that's another story.

    1. Re:What about logging in over public WiFi? by interkin3tic · · Score: 4, Insightful

      Also seems like he's making a fuss over nothing when it comes to 41% sharing passwords. Sharing passwords with strangers online is one thing. Sharing a password with your wife, assuming you trust her, not that big of a deal.

    2. Re:What about logging in over public WiFi? by Sancho · · Score: 5, Insightful

      Came here to say this. The article talks about how stupid these practices are, but there are reasonable reasons for doing most of them.

      "Nearly as many people use the same password to log into multiple Web sites, which could expose their information on each of the sites if one of them becomes compromised. (A separate recent study revealed that 75% of people use the same password for Social Networking Sites and their email accounts)"

      I reuse passwords because it's simply not possible for me to remember more than about 20 password/username/site tuples. I have a password "scheme" that I use to make memorable passwords, but I have to deal with sites which:
      - Have restrictions on the username that means I can't use my normal one
      - Already have my usual username taken
      - Have restrictions on the characters/length of the password
      etc.

      So I have a few throwaway passwords that I don't care about, and I use those most places where I don't care if the account gets compromised. Why do I care if someone gets access to my deepdiscountdvd account?

      "Almost half of all users never use special characters (e.g. ! ? & #) in their passwords, a simple technique that makes it more difficult for criminals to guess passwords."

      Password complexity is complex. What's better, a 6 character password with special characters or a 13 word phrase? Using a special symbol is not a panacea of password security.

      "12 percent have shared a password in a text message (vs. 4 percent overall)"

      It depends upon how important that password is, but in general, I'm not worried about people sniffing my SMS messages. If I'm going to share a password with someone, I generally consider that password to be useless anyway.

      "Passwords are forgotten occasionally, often or always by over half of consumers (51 percent)."

      No kidding? I thought it would be higher. I guess the main reason it's not higher is because people re-use passwords.

      I use "access to my e-mail address" as my credential for a lot of sites, when I can't be bothered to remember the password or store it in my keepass database (which, itself, has about 50 passwords in it.)

      "86 percent do not check for a secure connection when accessing sensitive information when using unfamiliar computers"

      Ever, or sometimes? I mean, some sites don't even use SSL for authentication (*coughcough*)

      "14 percent never change their banking password."

      If you use a good password, and you assume that the bank itself hasn't been compromised, why change it?

      Overall, the article seems fairly useless.

  2. I'm not convinced this is as bad as described. by JoshuaZ · · Score: 4, Insightful

    For example, the article asserts that 4 out of 10 people have shared a password in the last year. I've done that. I shared the password to one of my email accounts with my twin who needed access. And after he was done I changed the password. Much of the data here is very hard to actually show is bad without more context for what exactly people were doing. Also, while we're discussing these issues, obligatory xkcd - http://xkcd.com/792/.

  3. 30% remember their passwords by writing them down by Superken7 · · Score: 4, Insightful

    Also, regarding: "And 30 percent remember their passwords by writing them down and hiding them somewhere like a desk drawer."

    I think writing down your password isn't that bad of a choice (especially for online passwords, not the one that logs you into your computer).
    I'm not the only one who thinks that way: http://www.schneier.com/blog/archives/2005/06/write_down_your.html

  4. Password authentication is dumb by dredwolff · · Score: 5, Insightful

    So, what, we're supposed to have a different password with special characters and nothing significant to us (like dates) for each of the 150 online accounts we have? Oh, and if we write down the passwords somewhere so we don't forget them we're dumb too? Whatever! Maybe if we all had photographic memories that would be a realistic option, but there's just no way it's going to happen like that.

    It's just a crappy system, we should be using public key encryption with our private keys stored on a USB key - or some other similar scheme, where we don't have to memorize a million randomized passwords in order to not have our identity stolen.

  5. Re:30% remember their passwords by writing them do by nine-times · · Score: 4, Insightful

    Yeah, it depends on what you're protecting against. If the purpose of online passwords is primarily to prevent other online users from accessing your account, then writing the password down in a notebook on your desk is safe. Insofar as the purpose is to protect your account from someone who has access to your desk, it's not safe.

    It's important to remember that security depends on context.

  6. Simple: It's not their problem. by maillemaker · · Score: 4, Insightful

    Users are careless with their workplace computers because it's not their data and they don't care what happens to it.

    --
    A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.