
SoylentNews is people

posted by martyb on Friday December 13 2019, @03:11PM
from the https://xkcd.com/936/ dept.

49% of workers, when forced to update their password, reuse the same one with just a minor change:

A survey of 200 people conducted by security outfit HYPR has some alarming findings.

For instance, not only did 72% of users admit that they reused the same passwords in their personal life, but also 49% admitted that when forced to update their passwords in the workplace they reused the same one with a minor change.

Furthermore, many users were clearly relying upon their puny human memory to remember passwords (42% in the office, 35% in their personal lives) rather than something more reliable. This, no doubt, feeds users' tendency to choose weak, easy-to-crack passwords as well as reusing old passwords or making minor changes to existing ones.

What is so bad about changing "Password1" to "Password2"?


  • (Score: 5, Insightful) by ikanreed on Friday December 13 2019, @04:55PM (2 children)


    I used to be a "commit all passwords to memory and make them long" person, until I spent 3 years dealing with "change your password every 2 months", then my security went off a cliff. There's nothing that makes you stop caring about doing things right like mindless repetition.

  • (Score: 2) by NateMich on Friday December 13 2019, @06:03PM


    I used to be a "commit all passwords to memory and make them long" person, until I spent 3 years dealing with "change your password every 2 months", then my security went off a cliff. There's nothing that makes you stop caring about doing things right like mindless repetition.

    I agree. My new method involves using passwords that I think are funny, and usually quite derogatory.
    If we're going to play security theater, then I might as well have some fun with it.

  • (Score: 1) by Jay on Friday December 13 2019, @08:45PM


    There's nothing that makes you stop caring about doing things right like mindless repetition.

    My work still uses an antiquated phone system where we need to dial in to get our voicemail. A few years ago they decided 6 digit passwords weren't strong enough, and went to 12. So every time you dial in to check your voicemail, you need to punch in a 12 digit code flawlessly. If you fail you get kicked back to the main menu where you have to additionally dial in your 10 digit phone number and then your 12 digit password without fat-fingering anything, or you get to do that over again after the nice lady explains that you did it wrong. Or you have to hang up and re-dial your voicemail so you at least don't have to type in the phone number.

    Those of us with anything remotely resembling technical savvy simply programmed the 12 digits into an unlabeled button on our phone, and just push 1 button to authenticate.

    Seriously. If you make it hard or exceedingly irritating for me to do my job, I'm going to interpret it as damage and route around it.