First, here's the story that prompted this thread...
Quote:
Passwords revealed by sweet deal
More than 70% of people would reveal their computer password in exchange for a bar of chocolate, a survey has found.
It also showed that 34% of respondents volunteered their password when asked without even needing to be bribed.
A second survey found that 79% of people unwittingly gave away information that could be used to steal their identity when questioned.
Security firms predict that the lax security practices will fuel a British boom in online identity theft.
Security shock
The survey on passwords was carried out for the Infosecurity Europe trade show due to take place at Olympia in London from 27-29 April.
The survey data was gathered by questioning commuters passing through Liverpool Street station in London and found that many were happy to share login and password information with those carrying out the research.
As well as people simply telling the questioners their passwords or saying they would hand them over in exchange for some confectionery, a further 34% revealed the word or phrase they used when asked if it had anything to do with a pet or child's name.
Family names, pets and football teams were all used by those questioned to provide inspiration for a password.
The survey found that, on average, people have to remember four passwords, though one unlucky respondent had to remember 40.
Many adopt very unsafe tactics to remember these login names. Some of those questioned simply use the same password for every system they must log on to.
Those that used several passwords often wrote them down and hid them in a desk or in a document on their computer.
Almost all of those questioned, 80%, said they were fed up with passwords and would like a way to login to work computer systems.
Stolen goods
A separate survey carried out for RSA Security found further evidence of the lax password and security habits of Britons.
It found that many people volunteered important personal information, such as their mother's maiden name or their own date of birth, when questioned during a street survey.
Such information is coveted by identity thieves as these facts are often used by sites as security checks.
The RSA survey found that maintaining online identities is becoming a burden for many people who, on average, use 20 sites that require them to register and then log on afterwards.
To make these different online personas easy to manage, two-thirds use the same password for all the different sites.
Of those questioned 33% said they shared passwords or wrote them down to make it easy to remember which one to use on which website.
"We are amazed at the level of ignorance from consumers on the need to protect their online identity," said Tim Pickard, spokesman for RSA Security.
Tony Neate, from the National Hi-Tech Crime Unit, said the British economy loses millions of pounds a year as a result of identity fraud.
"This can only increase if people do not become more aware of their responsibilities to protect their virtual identities," he said.
REF: http://news.bbc.co.uk/2/hi/technology/3639679.stm
I recently ran a project for a very large company implementing a "strong complex password policy". We had to manage the update of over 50,000 accounts over a period of five days. Introducing such a policy (long passwords, with a mixture of lower case, upper case, numerical and extended characters and no dictionary words) greatly increases the security. I can't really go into too much more detail, but suffice it to say that mitigating security vulnerabilities forms a fundamental part of my job.
So this, coupled with the story above, got me to wondering about my fellow TFPers.
Would YOU share your password like those discussed above?
Do YOU have a secure password?
Do YOU use a dictionary word for a password?
Has one of YOUR passwords ever been compromised?
Do YOU share a password across multiple services?
Mr Mephisto