49% of workers, when forced to update their password, reuse the same one with just a minor change:
A survey of 200 people conducted by security outfit HYPR has some alarming findings.
For instance, not only did 72% of users admit that they reused the same passwords in their personal life, but also 49% admitted that when forced to update their passwords in the workplace they reused the same one with a minor change.
Furthermore, many users were clearly relying upon their puny human memory to remember passwords (42% in the office, 35% in their personal lives) rather than something more reliable. This, no doubt, feeds users' tendency to choose weak, easy-to-crack passwords as well as to reuse old passwords or make minor changes to existing ones.
What is so bad about changing "Password1" to "Password2"?
(Score: 0) by Anonymous Coward on Friday December 13 2019, @07:59PM (1 child)
Suppose I write the password on a piece of paper. I can do that. The paper then instantly becomes TOP SECRET//SCI//SAP and must be secured. The paper must get classification markings, must be described in a database to track the location, and must be secured in a safe. That safe has a digital combo lock with a password, and it is in a room with another digital combo lock with a different password. Opening the room or the safe requires writing an entry in a security log. Auditors will randomly ask to see things in that database, verifying that nothing has gone missing.
So that just made things worse.
Password managers would get the same treatment, but the company bans them. They are too difficult to shred into fine powder.
(Score: 2) by maxwell demon on Friday December 13 2019, @08:42PM
With that policy, I would advise you not to store the password in your head. I think having your head shredded into fine powder wouldn't be too pleasant an experience. :-)
The Tao of math: The numbers you can count are not the real numbers.