Users and IT Lax about Password Security

After years of warning users about making sure their passwords aren’t

easy to guess or left on Post-It notes stuck to their monitors, it seems

the message still hasn’t gotten through.

A new survey by Sophos, Inc., an anti-virus and anti-spam company with

U.S. headquarters in Lynnfield, Mass., shows that users — and many IT

professionals themselves — aren’t using passwords properly, putting

their computers and the company network at risk.

”It shows that there’s still a lack of education,” says Carol

Theriault, a senior security consultant for Sophos. ”Of course, people

need to be thinking about firewalls and anti-virus, but they need to

think about passwords, too. With so many websites asking people for

passwords now, everything thinks they can’t remember them all. They just

use the same one. And then there are the people who think their password

is so good, so tricky that no one will figure it out. And that’s just not

the case.”

According to the Sophos survey, which was conducted online by visitors to

the company website, only 14 percent of respondents never use the same

password twice. Forty-one percent use the same password for every website

”all the time”, and 45 percent have ”a few different passwords”.

Theriault says what makes this survey even more alarming is the fact that

most people visiting the Sophos site at least have an interest in

security — and many of them are IT and security professionals. This

means even the pros aren’t as concerned or diligent about their passwords

as they should be.

”I found it surprising. This isn’t what I expected,” says Theriault.

”We are a security website and you’d expect people who are security

minded to have a better handle on this. From a business standpoint, an

administrator might want to try to decipher employee passwords and then

go tell people that their passwords aren’t secure enough. You’re

[network] is only as strong as the weakest employee in your company.”

Joe Wilcox, an analyst with JupiterResearch, says he’s one of the

majority of people who don’t generally use different passwords on

different websites. He says he feels confident because he uses a password

that he thinks would be hard to crack.

”For most sites, I have one password that I use,” he says. ”Of course,

it’s 14 characters long. It’s a mix mash of stuff that most people

wouldn’t be able to figure out.” And Wilcox says he’s safer because

while he uses the same password over and over, he mixes up the user name

on many sites, and he has a separate — more complex — password for any

financial or banking websites.

And Theriault says that’s a key step to take.

She recommends that people separate the websites they visit into three

different categories. There are basic websites where people might check

football scores or get recipes. Those are generally low-risk sites so

it’s more acceptable to use the same password for those sites. However,

for any corporate situation, people need to use a different, and more

complicated password. ”I don’t want someone to log in as me and send my

boss a resignation letter or steal confidential information from the

company,” she adds.

And for any financial sites — banking, mortgages, credit cards, stocks

— the password needs to be different from all your others and it needs

to be long and complex, including both letters and numbers, upper and

lower cases.

Wilcox recommends that people make sure their passwords aren’t too simple

or easy to guess with casual knowledge of the person.

”My concern is that people tend to pick stuff that is too easy to

remember,” he adds. ”People tend to do their kids birthdays and other

important dates — things that could be figured out with a little social

engineering. That’s no good… It only takes one site, one figured out

password, to hit the goldmine.”

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020