Slashdot Mirror


Survey Shows How Stupid People Are With Passwords

wiredmikey writes "Another study was released today that once again shows how careless people really are online. When it comes to safeguarding personal information online, many people don't seem to care very much, or don't think enough about it. In the survey of more than 2,500 people, some interesting and scary trends were revealed in how users handle their online passwords..."

5 of 427 comments

  1. pwdhash FTW by BlackPignouf · Score: 5, Interesting

    One very good solution is to use pwdhash:
    https://www.pwdhash.com/

    You can install it as a local plugin for Firefox or as bash/ruby scripts on your computer.
    You only need to remember one strong master password, and forget about the rest.

    You get something like this, depending on domains (no phishing!) & the length of your master password:
    +1xhTRy7T for ebay.com
    fRrL2nI7+ for amazon.com
    TYZyfI0u+ for facebook.com
    3yL+WQBF7 for skype.com
    +KwIr4FId for delicious.com

    Enjoy!
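The idea in the comment above (one master password, a different output per domain, nothing reusable handed to a look-alike site), as an added example that is not part of the original thread and is not PwdHash's own algorithm. It swaps in PBKDF2-HMAC-SHA256 with the domain as salt; `site_key`, `site_password`, the iteration count and the sample URLs are assumptions made here.

```python
import base64
import hashlib
from urllib.parse import urlsplit

ITERATIONS = 200_000  # assumed work factor; slows guessing of the master password


def site_key(url: str) -> str:
    """Reduce a URL to the domain the password is bound to.

    Simplification: keeps the last two DNS labels. A real tool needs the
    Public Suffix List to handle names such as example.co.uk correctly.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"cannot derive a site key from {url!r}")
    return ".".join(labels[-2:])


def site_password(master: str, url: str, length: int = 16) -> str:
    """Derive a deterministic per-site password from one master password."""
    if not master:
        raise ValueError("empty master password")
    if not 8 <= length <= 40:
        raise ValueError("length must be between 8 and 40")
    # The domain is the salt, so every site gets an unrelated output.
    salt = site_key(url).encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              ITERATIONS, dklen=32)
    # 32 bytes give 44 base64 characters; cutting at <= 40 drops the padding.
    return base64.b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    for url in (
        "https://www.ebay.com/",                         # real site
        "https://signin.ebay.com/ws/login",              # same site, other host
        "https://ebay.com.account-check.example/login",  # constructed look-alike
    ):
        print(f"{site_key(url):24} {site_password(master, url)}")
```

The first two URLs print the same password; the look-alike host resolves to a different site key, so the page asking for the password there receives a value that is useless on the real site.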

  2. Re:The really distressing thing... by Anonymous Coward · Score: 4, Interesting

    Perhaps young people do understand online security better. Most of the supposed sins highlighted in the article are junk. Perhaps young people better understand the much more well thought out: http://news.slashdot.org/story/10/03/16/1931214/Users-Rejecting-Security-Advice-Considered-Rational

  3. Re:I'm not convinced this is as bad as described. by Kjella · Score: 4, Interesting

    Seriously, either you rely on password reuse, you have the world's greatest memory or you're vitally dependent on some software to track your passwords and if you lost that, you've lost everything.

    In order of difficulty and importance I remember roughly four passwords:

    1. The full disk encryption, it's for everything I don't trust the intartubes with.
    2. My online bank password, you can pull a lot of BS but don't touch my money.
    3. My webmail password - both as it's personal and as it gives other logins.
    4. My "everything else" password - for most forums and shit.

    That does not count the PIN on my ATM card, my logins at work or any of the other of the many things I ought to remember. That also doesn't count that I regularly have to swap between three different user ids because "Kjella" is often taken. That's enough for one mind, and I've heard I'm fairly good at remembering things. For people that seem to have enough just remembering their PIN I just don't see it happening without help. And given the reliability of HDDs and most people's ability to take backups, I'd suggest a note in your wallet. And maybe a backup of that too, since I know several who have lost their wallet or had it stolen.

    --
    Live today, because you never know what tomorrow brings

  4. Posthumous passwords by scrib · Score: 4, Interesting

    Having passwords accessible in some fashion for family in the event of death is good, but not considered very often.
    Write them down, or put them on a thumb drive in a safe... I knew most of my Dad's passwords when he died quite unexpectedly. It simplified a lot of the financial issues.

    Maybe it is a general security problem, but banks will let you do things online with a password that you'd need certified court documents and a death certificate to do in person: transfer money between accounts, pay utilities from the account. Anything that has online, recurring payments needs to be dealt with (e.g. Netflix).

    My plan, as yet unimplemented, is to put all that stuff in an encrypted TrueCrypt file (on a thumb drive or unprotected PC) and give my family the password to that file.

    --
    Help! Help! I'm being repressed!

  5. Re:What about logging in over public WiFi? by cdrudge · Score: 4, Interesting

    My wife locks me out every time she accesses our bank account. Our credit union has implemented a new "security" feature where the account number and password remembers the cadence that you enter the information. If the cadence doesn't match, it rejects it. I type a lot faster than she does, so my cadence is never even close to what hers is.