SoylentNews is people

posted by martyb on Friday December 13 2019, @03:11PM
from the https://xkcd.com/936/ dept.

49% of workers, when forced to update their password, reuse the same one with just a minor change:

A survey of 200 people conducted by security outfit HYPR has some alarming findings.

For instance, not only did 72% of users admit that they reused the same passwords in their personal life, but also 49% admitted that when forced to update their passwords in the workplace they reused the same one with a minor change.

Furthermore, many users were clearly relying upon their puny human memory to remember passwords (42% in the office, 35% in their personal lives) rather than something more reliable. This, no doubt, feeds users' tendency to choose weak, easy-to-crack passwords as well as reusing old passwords or making minor changes to existing ones.

What is so bad about changing "Password1" to "Password2"?


  • (Score: 5, Insightful) by tangomargarine on Friday December 13 2019, @04:08PM (4 children)

    by tangomargarine (667) on Friday December 13 2019, @04:08PM (#931735)

    they could stop forcing you to change your password every month, to one you've never used before.

    Make your password sufficiently good and then just leave it.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 5, Insightful) by ikanreed on Friday December 13 2019, @04:55PM (2 children)

    by ikanreed (3164) on Friday December 13 2019, @04:55PM (#931752)

    I used to be a "commit all passwords to memory and make them long" person, until I spent 3 years dealing with "change your password every 2 months", then my security went off a cliff. There's nothing that makes you stop caring about doing things right like mindless repetition.

    • (Score: 2) by NateMich on Friday December 13 2019, @06:03PM

      by NateMich (6662) on Friday December 13 2019, @06:03PM (#931776)

      I used to be a "commit all passwords to memory and make them long" person, until I spent 3 years dealing with "change your password every 2 months", then my security went off a cliff. There's nothing that makes you stop caring about doing things right like mindless repetition.

      I agree. My new method involves using passwords that I think are funny, and usually quite derogatory.
      If we're going to play security theater, then I might as well have some fun with it.

    • (Score: 1) by Jay on Friday December 13 2019, @08:45PM

      by Jay (8679) on Friday December 13 2019, @08:45PM (#931826)

      There's nothing that makes you stop caring about doing things right like mindless repetition.

      My work still uses an antiquated phone system where we need to dial in to get our voicemail. A few years ago they decided 6 digit passwords weren't strong enough, and went to 12. So every time you dial in to check your voicemail, you need to punch in a 12 digit code flawlessly. If you fail you get kicked back to the main menu where you have to additionally dial in your 10 digit phone number and then your 12 digit password without fat-fingering anything, or you get to do that over again after the nice lady explains that you did it wrong. Or you have to hang up and re-dial your voicemail so you at least don't have to type in the phone number.

      Those of us with anything remotely resembling technical savvy simply programmed the 12 digits into an unlabeled button on our phone, and just push 1 button to authenticate.

      Seriously. If you make it hard or exceedingly irritating for me to do my job, I'm going to interpret it as damage and route around it.

  • (Score: 2) by Joe Desertrat on Sunday December 15 2019, @12:09AM

    by Joe Desertrat (2454) on Sunday December 15 2019, @12:09AM (#932207)

    they could stop forcing you to change your password every month, to one you've never used before.
    Make your password sufficiently good and then just leave it.

    This is the ideal that unfortunately is not followed by too much of the user world. A tech-oriented person (usually) realizes this and can be trusted to come up with a secure password and memorize or at least hide it well.
    When you deal with the likes of sales managers, you end up with problems either way. Their self-chosen passwords are so easy they need to be forced to change them frequently, or if they are forced to use difficult passwords, they end up writing them on a sticky note which they place on their computer. I don't think they realize that passwords are for security purposes, they just think they are something you have to do when you use a computer.