Slashdot Mirror


Survey Shows How Stupid People Are With Passwords

wiredmikey writes "Another study was released today that once again shows how careless people really are online. When it comes to safeguarding personal information online, many people don't seem to care very much, or don't think enough about it. In the survey of more than 2,500 people, some interesting and scary trends were revealed in how users handle their online passwords..."

23 of 427 comments

  1. Survey Shows How Stupid People Are by Superken7 · · Score: 5, Funny

    was the "with passwords" part actually needed in the title? ;)

  2. What about logging in over public WiFi? by Superken7 · · Score: 4, Insightful

    From TFA:
    " 30 percent logged into a site requiring a password over public WiFi (vs. 21 percent overall)"

    So what? That's what SSL and certificates are for. Entering your password in a public computer - well, that's another story.

    1. Re:What about logging in over public WiFi? by interkin3tic · · Score: 4, Insightful

      Also seems like he's making a fuss over nothing when it comes to 41% sharing passwords. Sharing passwords with strangers online is one thing. Sharing a password with your wife, assuming you trust her, not that big of a deal.

    2. Re:What about logging in over public WiFi? by cdrudge · · Score: 4, Interesting

      My wife locks me out every time she accesses our bank account. Our credit union has implemented a new "security" feature where the account number and password remembers the cadence that you enter the information. If the cadence doesn't match, it rejects it. I type a lot faster than she does, so my cadence is never even close to what hers is.

    3. Re:What about logging in over public WiFi? by Sancho · · Score: 5, Insightful

      Came here to say this. The article talks about how stupid these practices are, but there are reasonable reasons for doing most of them.

      Nearly as many people use the same password to log into multiple Web sites, which could expose their information on each of the sites if one of them becomes compromised. (A separate recent study revealed that 75% of people use the same password for Social Networking Sites and their email accounts)

      I reuse passwords because it's simply not possible for me to remember more than about 20 password/username/site tuples. I have a password "scheme" that I use to make memorable passwords, but I have to deal with sites which:
      - Have restrictions on the username that means I can't use my normal one
      - Already have my usual username taken
      - Have restrictions on the characters/length of the password
      etc.

      So I have a few throwaway passwords that I don't care about, and I use those most places where I don't care if the account gets compromised. Why do I care if someone gets access to my deepdiscountdvd account?

      Almost half of all users never use special characters (e.g. ! ? & #) in their passwords, a simple technique that makes it more difficult for criminals to guess passwords.

      Password complexity is complex. What's better, a 6-character password with special characters or a 13-word phrase? Using a special symbol is not a panacea of password security.

      12 percent have shared a password in a text message (vs. 4 percent overall)

      It depends upon how important that password is, but in general, I'm not worried about people sniffing my SMS messages. If I'm going to share a password with someone, I generally consider that password to be useless anyway.

      Passwords are forgotten occasionally, often or always by over half of consumers (51 percent).

      No kidding? I thought it would be higher. I guess the main reason it's not higher is because people re-use passwords.

      I use "access to my e-mail address" as my credential for a lot of sites, when I can't be bothered to remember the password or store it in my keepass database (which, itself, has about 50 passwords in it.)

      86 percent do not check for a secure connection when accessing sensitive information when using unfamiliar computers

      Ever, or sometimes? I mean, some sites don't even use SSL for authentication (*coughcough*)

      14 percent never change their banking password.

      If you use a good password, and you assume that the bank itself hasn't been compromised, why change it?

      Overall, the article seems fairly useless.

  3. I'm not convinced this is as bad as described. by JoshuaZ · · Score: 4, Insightful

    For example, the article asserts that 4 out of 10 people have shared a password in the last year. I've done that. I shared the password to one of my email accounts with my twin who needed access. And after he was done I changed the password. Much of the data here is very hard to actually show is bad without more context for what exactly people were doing. Also, while we're discussing these issues, obligatory xkcd - http://xkcd.com/792/.

    1. Re:I'm not convinced this is as bad as described. by Kjella · · Score: 4, Interesting

      Seriously, either you rely on password reuse, you have the world's greatest memory or you're vitally dependent on some software to track your passwords and if you lost that, you've lost everything.

      In order of difficulty and importance I remember roughly four passwords:

      1. The full disk encryption, it's for everything I don't trust the intartubes with.
      2. My online bank password, you can pull a lot of BS but don't touch my money.
      3. My webmail password - both as it's personal and as it gives other logins.
      4. My "everything else" password - for most forums and shit.

      That does not count the PIN on my ATM card, my logins at work or any of the other of the many things I ought to remember. That also doesn't count that I regularly have to swap between three different user ids because "Kjella" is often taken. That's enough for one mind, and I've heard I'm fairly good at remembering things. For people that seem to have enough just remembering their PIN I just don't see it happening without help. And given the reliability of HDDs and most people's ability to take backups, I'd suggest a note in your wallet. And maybe a backup of that too, since I know several who have lost their wallet or had it stolen.

      --
      Live today, because you never know what tomorrow brings
  4. Easy by zill · · Score: 5, Funny

    It's a bad idea to use the same password everywhere, so I just set the password as my username and pick a new username on every website.

    1. Re:Easy by zill · · Score: 5, Funny

      Hahahaha disregard that, I suck cocks.

    2. Re:Easy by Anonymous Coward · · Score: 5, Funny

      Can I have my account back, please?

  5. 30% remember their passwords by writing them down by Superken7 · · Score: 4, Insightful

    Also, regarding: "And 30 percent remember their passwords by writing them down and hiding them somewhere like a desk drawer."

    I think writing down your password isn't that bad of a choice (especially for online passwords, not the one that logs you into your computer).
    I'm not the only one who thinks that way: http://www.schneier.com/blog/archives/2005/06/write_down_your.html

  6. Password authentication is dumb by dredwolff · · Score: 5, Insightful

    So, what, we're supposed to have a different password with special characters and nothing significant to us (like dates) for each of the 150 online accounts we have? Oh, and if we write down the passwords somewhere so we don't forget them we're dumb too? Whatever! Maybe if we all had photographic memories that would be a realistic option, but there's just no way it's going to happen like that.

    It's just a crappy system, we should be using public key encryption with our private keys stored on a USB key - or some other similar scheme, where we don't have to memorize a million randomized passwords in order to not have our identity stolen.

  7. Re:30% remember their passwords by writing them do by nine-times · · Score: 4, Insightful

    Yeah, it depends on what you're protecting against. If the purpose of online passwords is primarily to prevent other online users from accessing your account, then writing the password down in a notebook on your desk is safe. Insofar as the purpose is to protect your account from someone who has access to your desk, it's not safe.

    It's important to remember that security depends on context.

  8. pwdhash FTW by BlackPignouf · · Score: 5, Interesting

    One very good solution is to use pwdhash:
    https://www.pwdhash.com/

    You can install it as a local plugin for Firefox or as bash/ruby scripts on your computer.
    You only need to remember one strong master password, and forget about the rest.

    You get something like this, depending on domains (no phishing!) & the length of your master password:
    +1xhTRy7T for ebay.com
    fRrL2nI7+ for amazon.com
    TYZyfI0u+ for facebook.com
    3yL+WQBF7 for skype.com
    +KwIr4FId for delicious.com

    Enjoy!
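
A minimal sketch of the domain-bound derivation described in the comment above, added here as an example; it is not PwdHash's algorithm or code and not part of the original post. The PBKDF2/HMAC-SHA256 construction, `DEMO_SALT`, and the function names are assumptions, and the two-label domain rule ignores the public suffix list.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

DEMO_SALT = b"site-password-demo"  # assumption: fixed, public salt for this sketch


def registrable_domain(url: str) -> str:
    """Return the last two host labels, e.g. signin.ebay.com -> ebay.com.

    Simplification: a real tool consults the public suffix list so that
    hosts under suffixes such as co.uk are handled correctly.
    """
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def site_password(master: str, url: str, length: int = 12) -> str:
    """Derive a per-site password from one master password and the site's domain."""
    # Stretch the master password so guessing it from one leaked site password is slow.
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), DEMO_SALT, 100_000)
    # Bind the output to the domain: a different domain gives an unrelated value.
    tag = hmac.new(key, registrable_domain(url).encode(), hashlib.sha256).digest()
    return base64.b64encode(tag).decode()[:length]


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample input
    for url in (
        "https://signin.ebay.com/login",
        "https://www.ebay.com/",
        "https://ebay.com.login-check.example/login",  # constructed look-alike host
    ):
        print(f"{registrable_domain(url):22} {site_password(master, url)}")
```

Both ebay.com hosts yield the same password, while the look-alike host resolves to a different domain and gets an unrelated one, so the real site's password is never what gets typed into the wrong page.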

  9. Re:The really distressing thing... by Anonymous Coward · · Score: 4, Interesting

    perhaps young people do understand online security better. Most of the supposed sins highlighted in the article are junk. Perhaps young people better understand the much more well thought out: http://news.slashdot.org/story/10/03/16/1931214/Users-Rejecting-Security-Advice-Considered-Rational

  10. Simple: It's not their problem. by maillemaker · · Score: 4, Insightful

    Users are careless with their workplace computers because it's not their data and they don't care what happens to it.

    --
    A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
  11. Re:Websites are responsible too by Abstrackt · · Score: 4, Funny

    My password is ********, you insensitive clod!

    --
    They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  12. Re:But I thought... by Abstrackt · · Score: 5, Funny

    What I find works best is taking the first letter of every word in an easy to remember phrase. For example, "poor aunt sally slipped while out racing dogs". Er, wait...

    --
    They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  13. Re:Myth of stupid people... by thePowerOfGrayskull · · Score: 4, Funny

    and want to check my e-mail while in [a?] Russian on business

    That's some business!

  14. Re:Websites are responsible too by VGPowerlord · · Score: 5, Funny

    You're right! Every time I type in ******* it shows up as *******.

    Well, DUH.

    I have auto-login turned on and now I can't remember what I set my ******** to. I think I made it something easy for me to remember, though.

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  15. Posthumous passwords by scrib · · Score: 4, Interesting

    Having passwords accessible in some fashion for family in the event of death is good, but not considered very often.
    Write them down, or put them on a thumb drive in a safe... I knew most of my Dad's passwords when he died quite unexpectedly. It simplified a lot of the financial issues.

    Maybe it is a general security problem, but banks will let you do things online with a password that you'd need certified court documents and a death certificate to do in person: transfer money between accounts, pay utilities from the account. Anything that has online, recurring payments needs to be dealt with (eg NetFlix).

    My plan, as yet unimplemented, is to put all that stuff in an encrypted TrueCrypt file (on a thumb drive or unprotected PC) and give my family the password to that file.

    --
    Help! Help! I'm being repressed!
  16. Re:Myth of stupid people... by egamma · · Score: 4, Informative

    I still don't know why Microsoft and other OS makers have not bought out roboform to integrate it into their OS and change the culture over time

    That was the original idea behind "Microsoft Wallet", which turned into "Microsoft Passport", currently known as "Windows Live ID". See also: Windows Cardspace.

  17. Re:Websites are responsible too by Dogtanian · · Score: 4, Informative

    More like the (+1 "it's a trap!") mod, you mean.

    Obligatory bash.org quote (^_^)

    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).