Slashdot Mirror

← Back to Stories (view on slashdot.org)

51% of Computer Users Share Passwords

Posted by Unknown on from the rm-rf-/-of-shame dept.

An anonymous reader writes Consumers are inadvertently leaving back doors open to attackers as they share login details and sign up for automatic log on to mobile apps and services, according to new research by Intercede. While 52% of respondents stated that security was a top priority when choosing a mobile device, 51% are putting their personal data at risk by sharing usernames and passwords with friends, family and colleagues. The research revealed that consumers are not only sharing passwords but also potentially putting their personal and sensitive information at risk by leaving themselves logged in to applications on their mobile devices, with over half of those using social media applications and email admitting that they leave themselves logged in on their mobile device.

25 of 117 comments (clear)

  1. Logged in to email? by NoImNotNineVolt · · Score: 4, Informative

    The research revealed that consumers are not only sharing passwords but also potentially putting their personal and sensitive information at risk by leaving themselves logged in to applications on their mobile devices, with over half of those using social media applications and email admitting that they leave themselves logged in on their mobile device.

    Yes, god forbid people "leave themselves logged in" to their email accounts on their mobile device. I guess we're not supposed to use push email but instead enter our email passwords into our phones every few seconds to get timely email alerts?

    It's too bad that the cell network itself lacks any meaningful security mechanisms. I mean, if someone gets a hold of your phone, they can just start texting and calling without having to "log in" on the network at all. It's amazing that the world hasn't collapsed as a result.

    --
    Chuuch. Preach. Tabernacle.
    1. Re:Logged in to email? by jandrese · · Score: 3, Informative

      It is actually required by law to be there. All phones must be capable of making an emergency call without being unlocked.

      --

      I read the internet for the articles.
    2. Re:Logged in to email? by Anonymous Coward · · Score: 2, Insightful

      No, the "thief" will just remove your SIM card and put it into their phone before calling all sorts of nefarious 1-900 numbers or otherwise charge money onto your phone-place. The GP assertion is correct that "It's too bad that the cell network itself lacks any meaningful security mechanisms."

    3. Re:Logged in to email? by Chris+Mattern · · Score: 2

      It would really surprise me if your Android phone *doesn't* have this feature, because it *is* required by law. Mine certainly has it.

    4. Re:Logged in to email? by Frobnicator · · Score: 2

      It would really surprise me if your Android phone *doesn't* have this feature, because it *is* required by law. Mine certainly has it.

      This is one of those funny cases were people accidentally out themselves as not securing their phone.

      The phones legally must display it in most countries, but only if the phone is locked or password protected. If there is no password required to get in, just a "swipe to unlock" rather than a security system, the button does not appear.

      Lack of emergency call button == unsecured smart phone.

      (Or a fairly old phone, or a hacked phone that breaks the law in many nations.)

      --
      //TODO: Think of witty sig statement
    5. Re:Logged in to email? by tlhIngan · · Score: 3, Informative

      Ah. I could have sworn that when I set up proper locking mechanisms on the phone that there wasn't any option to call. I just tried it again, though, and there is an "Emergency Call" text. For a test, I tried using my cell phone to call my work number and it said that this number wasn't an emergency number. My next question would be how would I specify certain emergency numbers? (This way, if my child has my phone and needs to call a relative that they know the number of, they can without having to know my unlock code and thus having full access to the phone.)

      You can't.

      The emergency call is for calling emergency numbers. It's a small list - 911, 999, 111, 122, etc. In fact, I think on modern cellphones, you can call ANY emergency number and it'll connect you to emergency services. So in North America, if you dial 999 (Europe emergency) you will connect with 911 automatically - the phone interprets the number as emergency and basically does a emergency dial (it's a special control code so the tower will kick someone off if it needs to in order to connect you).

      It's not a huge list of numbers, and it's coded into the software as it has to recognize if you're calling emergency services and to place it as a high-priority call on the network.

      And no, it doesn't include your relatives number - that's not the intent. The intent is to be able to make a call to emergency services regardless of lock screen status, service status, etc. (It's how those used cellphone charities work - they collect deactivated cellphones for people so they have a way to get to emergency services).

  2. I definitely share password with family by mccalli · · Score: 4, Insightful
    Specifically, with my wife. If I'm ever in the proverbial hit-by-a-bus scenario, there are accounts she will definitely need to know and access.

    Whilst technically correct that this increases risk of the password being revealed, it is an absolute necessary of an overall risk reduction strategy for online accounts (cancelling bills etc.).

    1. Re:I definitely share password with family by Chris+Mattern · · Score: 2

      The *right* way to cover the "hit-by-a-bus" scenario is to put all your passwords into an encrypted repository, and only give your wife the password to the repository. Ideally, the repository should then be placed in a safety deposit box that can't be accessed outside of the hit-by-a-bus scenario, but that would admittedly be an extra expense and arguably overkill.

    2. Re:I definitely share password with family by makq · · Score: 5, Funny

      I assume your wife is not a bus driver, right? If so, your password repo might give her extra incentive.

    3. Re:I definitely share password with family by nbauman · · Score: 2

      Ideally, the repository should then be placed in a safety deposit box that can't be accessed outside of the hit-by-a-bus scenario, but that would admittedly be an extra expense and arguably overkill.

      The problem with a safe deposit box is:

      (1) The survivor needs to be authorized to access the safe deposit box after death, and then needs a death certificate. http://www.ehow.com/how_579095... You're letting the bank decide who gets access to your passwords.

      (2) Anybody with a judge's order can also access the safe deposit box, even if the owner isn't dead. So a safe deposit box isn't a good place to keep your Swiss bank account passbook, or anything else you don't want the government or the adverse party in a lawsuit to get.

  3. sigh by retchdog · · Score: 2

    the overwhelming amount of real danger is from database compromises, which this has almost (almost!) nothing to do with.

    smells like fud to keep people from sharing their paid services with friends and family. fuck that.

    --
    "They were pure niggers." – Noam Chomsky
  4. Re:I do not by alphatel · · Score: 3, Informative

    49percent

    That's my password...

    --
    When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
  5. NEWS FLASH!!! by jddeluxe · · Score: 2, Insightful

    51% of people on the internet are stupid, details at 11....

    1. Re:NEWS FLASH!!! by Anonymous Coward · · Score: 2, Insightful

      Or... and this may sound zany but hear me out. Maybe 51% of people did a risk/benefit analysis and decided that giving someone there password was actually beneficial for them.

    2. Re:NEWS FLASH!!! by gmhowell · · Score: 2

      Or... and this may sound zany but hear me out. Maybe 51% of people did a risk/benefit analysis and decided that giving someone there password was actually beneficial for them.

      Not possible. Only people who use devices in exactly the same manner as that proscribed by a /. nerd can be beneficial. (No wireless, less space than a Nomad...)

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
  6. passwords on the device/session level, not app by tverbeek · · Score: 5, Insightful

    Of course I leave the apps on my phone "logged in"; that's how they're supposed to work. Obviously this only makes sense if there's a password to access my phone (or on my account if the device supports them), but if not, it's the lack of password on my phone that marks me as a security-oblivious idiot, not the fact that I'm using the apps as they were designed to work.

    --
    http://alternatives.rzero.com/
  7. Not Insecure by pavon · · Score: 4, Insightful

    The purpose of security is to prevent unauthorized people from accessing the account. There are tons of accounts that are legitimately shared, and there is nothing wrong with sharing passwords in those situations, if the account doesn't have any technical mechanism to allow for multiple users/profiles on a single account. For example bank accounts, utilities, Netflix, Hulu, wireless router administration, all have been shared accounts with my wife (some have since added profiles, but not all).

    Furthermore, even with accounts that we keep separate, like email, there are useful reasons to share the password, like when my wife is away from internet at work and wants me to print a boarding pass that was emailed to her. Sure I could snoop through her email, but I don't just like I could snoop through her purse or journal, but I don't.

  8. Encouraged by a lot of places. by timrod · · Score: 3, Interesting

    A lot of the bigger, more frequently-used services actually encourage this. The best example I can think of is Netflix, which allows you to have separate profiles for family members but requires that everyone use the same user/pass to log in. I don't know why they couldn't just have individual passwords for the same account - at least that way I could avoid my mom trying to get everyone in the family to watch Sherlock ("Oh, I didn't see it on your watched list! You should try it!").

    Amazon's Kindle app does pretty much the same thing, though it's not directly encouraged - you can log into your Kindle account from several different devices at once, effectively allowing people to share their books with anyone they trust enough. I think this is actually worse than Netflix, because most of the time you're using the Kindle app on a mobile device that can easily be lost or stolen.

    The only company I've seen do sharing well is Valve, which has Steam Family Sharing that allows you to "lend" people your account without actually needing to tell them your password.

  9. Re:90% of people are retarded by Wycliffe · · Score: 2

    I'm also surprised it's not higher but not because people are stupid but because there are a bunch of different use cases.
    Even if the bank allows it, what advantage does a husband/wife have to create separate logins for a joint account?
    There are plenty of people that share accounts. There might be a sales email address that multiple people in an office take turns checking.
    I know quite a few husband/wife pairs that share a single facebook account and I even know a few that share a single email address.
    It's not because they're stupid but rather if one or both of them is a light user then it's easier to just have everything in one place.
    There are also plenty of not-so-important accounts that people don't really care about and leave the password on a post it note or use 123123 as
    the password because there is nothing of importance there and even if someone bothered to hack it, they wouldn't really care.

  10. Re:Android makes this worse. by cr_nucleus · · Score: 3, Informative

    Don't know what version you're running but android does support multiple accounts since 4.2.
    I've being enjoying it for a while now.

    AFAIK it's the only mobile OS doing so.

  11. and... by Anonymous Coward · · Score: 2, Insightful

    and 49% of people lie about sharing their passwords

  12. Elderly family members passwords by bigmike_f · · Score: 3, Insightful

    Sometimes sharing the passwords of those less technically savvy with those with better skills is necessary and would skew these numbers. Knowing Grandpa's gmail password has helped a lot.

  13. meaningless stat... by Karmashock · · Score: 2

    just because family members share passwords doesn't mean its insecure. I know the password to most of my parents email and accounts. But so what... I won't do anything they wouldn't approve of and know them well enough to know what they would and would not approve of... so who cares.

    And as to companies... most of them are small and medium sized businesses that have overlapping responsibilities. In those cases, SOME people know some passwords. But rarely does everyone in the office know all the passwords.

    Its not unreasonable.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  14. Re: 90% of people are retarded by Wycliffe · · Score: 2

    If a divorce happens, then having a joint login isn't really a problem as you already
    both have access to the money. So you both can log in and see that the other person
    already emptied the account. No need to worry about changing the password.

    Same with mortage accounts. The fact that the login/password is shared is less
    important that the fact that you own a house together. The login/password is
    usually only useful for paying the bill and not much else anyways.
    It seems pointless to have 2 separate login/passwords and even stupider if
    those 2 separate login/passwords can't see each other's payment histories.

  15. Re: 90% of people are retarded by bws111 · · Score: 3, Insightful

    What an idoitic statement. First, if something has a 50% chance of happening then it is certainly not 'inevitable'. Second, divorce is not a random event, so comparing it to a coin toss is exceedingly stupid. Passwords aside, we already 'share accounts'. We have joint checking and savings accounts, a joint mortgage, joint ownership of the house, joint ownership of a timeshare, file joint tax returns, etc. What is so different about joint online accounts? Nothing.