Slashdot Mirror

← Back to Stories (view on slashdot.org)

Survey Shows How Stupid People Are With Passwords

Posted by CmdrTaco on from the your-password-is-trustno1 dept.

wiredmikey writes "Another study was released to today that once again shows how careless people really are online. When it comes to safeguarding personal information online, many people don't seem to care very much, or don't think enough about it. In the survey of more than 2,500 people, some interesting and scary trends were revealed in how users handle their online passwords..."

9 of 427 comments (clear)

  1. Survey Shows How Stupid People Are by Superken7 · · Score: 5, Funny

    was the "with passwords" part actually needed in the title? ;)

  2. Easy by zill · · Score: 5, Funny

    It's a bad idea to use the same password everywhere, so I just set the password as my username and pick a new username on every website.

    1. Re:Easy by zill · · Score: 5, Funny

      Hahahaha disregard that, I suck cocks.

    2. Re:Easy by Anonymous Coward · · Score: 5, Funny

      Can I have my account back, please?

  3. Password authentication is dumb by dredwolff · · Score: 5, Insightful

    So, what, we're supposed to have a different password with special characters and nothing significant to us (like dates) for each of the 150 online accounts we have? Oh, and if we write down the passwords somewhere so we don't forget them we're dumb too? Whatever! Maybe if we all had photographic memories that would be a realistic options, but there's just no way it's going to happen like that.

    It's just a crappy system, we should be using public key encryption with our private keys stored on a USB key - or some other similar scheme, where we don't have to memorize a million randomized passwords in order to not have our identity stolen.

  4. pwdhash FTW by BlackPignouf · · Score: 5, Interesting

    One very good solution is to use pwdhash:
    https://www.pwdhash.com/

    You can install it as a local plugin for Firefox or as bash/ruby scripts on your computer.
    You only need to remember one strong master password, and forget about the rest.

    You get something like this, depending on domains (no phishing!) & the length of your master password:
    +1xhTRy7T for ebay.com
    fRrL2nI7+ for amazon.com
    TYZyfI0u+ for facebook.com
    3yL+WQBF7 for skype.com
    +KwIr4FId for delicious.com

    Enjoy!

  5. Re:But I thought... by Abstrackt · · Score: 5, Funny

    What I find works best is taking the first letter of every word in an easy to remember phrase. For example, "poor aunt sally slipped while out racing dogs". Er, wait...

    --
    They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  6. Re:Websites are responsible too by VGPowerlord · · Score: 5, Funny

    You're right! Every time I type in ******* it shows up as *******.

    Well, DUH.

    I have auto-login turned on and now I can't remember what I set my ******** to. I think I made it something easy for me to remember, though.

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  7. Re:What about logging in over public WiFi? by Sancho · · Score: 5, Insightful

    Came here to say this. The article talks about how stupid these practices are, but there are reasonable reasons for doing most of them.

    Nearly as many people use the same password to log into multiple Web sites, which could expose their information on each of the sites if one of them becomes compromised. (A separate recent study revealed that 75% of people use the same password for Social Networking Sites and their email accounts)

    I reuse passwords because it's simply not possible for me to remember more than about 20 password/username/site tuples. I have a password "scheme" that I use to make memorable passwords, but I have to deal with sites which:
    - Have restrictions on the username that means I can't use my normal one
    - Already has my usual username taken
    - Have restrictions on the characters/length of the password
    etc.

    So I have a few throwaway passwords that I don't care about, and I use those most places where I don't care if the account gets compromised. Why do I care if someone gets access to my deepdiscountdvd account?

    Almost half of all users never use special characters (e.g. ! ? & #) in their passwords, a simple technique that makes it more difficult for criminals to guess passwords.

    Password complexity is complex. What's better, an 6 character password with special characters or a 13 word phrase? Using a special symbol is not a panacea of password security.

    12 percent have shared a password in a text message (vs. 4 percent overall)

    It depends upon how important that password is, but in general, I'm not worried about people sniffing my SMS messages. If I'm going to share a password with someone, I generally consider that password to be useless anyway.

    Passwords are forgotten occasionally, often or always by over half of consumers (51 percent).

    No kidding? I thought it would be higher. I guess the main reason it's not higher is because people re-use passwords.

    I use "access to my e-mail address" as my credential for a lot of sites, when I can't be bothered to remember the password or store it in my keepass database (which, itself, has about 50 passwords in it.)

    86 percent do not check for a secure connection when accessing sensitive information when using unfamiliar computers

    Ever, or sometimes? I mean, some sites don't even use SSL for authentication (*coughcough*)

    14 percent never change their banking password.

    If you use a good password, and you assume that the bank itself hasn't been compromised, why change it?

    Overall, the article seems fairly useless.