Tuesday, August 3, 2021

Users and IT Lax about Password Security

After years of warning users about making sure their passwords aren’t

easy to guess or left on Post-It notes stuck to their monitors, it seems

the message still hasn’t gotten through.

A new survey by Sophos, Inc., an anti-virus and anti-spam company with

U.S. headquarters in Lynnfield, Mass., shows that users — and many IT

professionals themselves — aren’t using passwords properly, putting

their computers and the company network at risk.

”It shows that there’s still a lack of education,” says Carol

Theriault, a senior security consultant for Sophos. ”Of course, people

need to be thinking about firewalls and anti-virus, but they need to

think about passwords, too. With so many websites asking people for

passwords now, everything thinks they can’t remember them all. They just

use the same one. And then there are the people who think their password

is so good, so tricky that no one will figure it out. And that’s just not

the case.”

According to the Sophos survey, which was conducted online by visitors to

the company website, only 14 percent of respondents never use the same

password twice. Forty-one percent use the same password for every website

”all the time”, and 45 percent have ”a few different passwords”.

Theriault says what makes this survey even more alarming is the fact that

most people visiting the Sophos site at least have an interest in

security — and many of them are IT and security professionals. This

means even the pros aren’t as concerned or diligent about their passwords

as they should be.

”I found it surprising. This isn’t what I expected,” says Theriault.

”We are a security website and you’d expect people who are security

minded to have a better handle on this. From a business standpoint, an

administrator might want to try to decipher employee passwords and then

go tell people that their passwords aren’t secure enough. You’re

[network] is only as strong as the weakest employee in your company.”

Joe Wilcox, an analyst with JupiterResearch, says he’s one of the

majority of people who don’t generally use different passwords on

different websites. He says he feels confident because he uses a password

that he thinks would be hard to crack.

”For most sites, I have one password that I use,” he says. ”Of course,

it’s 14 characters long. It’s a mix mash of stuff that most people

wouldn’t be able to figure out.” And Wilcox says he’s safer because

while he uses the same password over and over, he mixes up the user name

on many sites, and he has a separate — more complex — password for any

financial or banking websites.

And Theriault says that’s a key step to take.

She recommends that people separate the websites they visit into three

different categories. There are basic websites where people might check

football scores or get recipes. Those are generally low-risk sites so

it’s more acceptable to use the same password for those sites. However,

for any corporate situation, people need to use a different, and more

complicated password. ”I don’t want someone to log in as me and send my

boss a resignation letter or steal confidential information from the

company,” she adds.

And for any financial sites — banking, mortgages, credit cards, stocks

— the password needs to be different from all your others and it needs

to be long and complex, including both letters and numbers, upper and

lower cases.

Wilcox recommends that people make sure their passwords aren’t too simple

or easy to guess with casual knowledge of the person.

”My concern is that people tend to pick stuff that is too easy to

remember,” he adds. ”People tend to do their kids birthdays and other

important dates — things that could be figured out with a little social

engineering. That’s no good… It only takes one site, one figured out

password, to hit the goldmine.”

Similar articles

Latest Articles

Data Belongs in the...

In 2012, IBM made an oft-quoted claim that 90 percent of the world's data has been created in the last two years. They grossly...

Google Cloud Rolling Out...

WASHINGTON, D.C. — Google Cloud is helping the government sector with zero trust. The set of services are designed to help U.S. federal, state, and...

CFOs Committing to Digital...

STAMFORD, Conn. — More CFOs are planning to increase their spending on digital than any other part of the business in 2021. Eighty-two percent of...

SAP and IBM Partnering...

WALLDORF, Germany and ARMONK, N.Y. — SAP and IBM are working together to help financial institutions accelerate cloud adoptions and “modernize operations.” SAP plans to...