
SoylentNews is people

posted by martyb on Friday December 13 2019, @03:11PM   Printer-friendly
from the https://xkcd.com/936/ dept.

49% of workers, when forced to update their password, reuse the same one with just a minor change:

A survey of 200 people conducted by security outfit HYPR has some alarming findings.

For instance, not only did 72% of users admit that they reused the same passwords in their personal life, but also 49% admitted that when forced to update their passwords in the workplace they reused the same one with a minor change.

Furthermore, many users were clearly relying upon their puny human memory to remember passwords (42% in the office, 35% in their personal lives) rather than something more reliable. This, no doubt, feeds users' tendency to choose weak, easy-to-crack passwords as well as reusing old passwords or making minor changes to existing ones.

What is so bad about changing "Password1" to "Password2"?


  • (Score: 2) by pipedwho (2032) on Saturday December 14 2019, @07:08AM (#931972)

    2 years ago I ran an analysis for a company on the password choices people used when forced to change passwords every 6 months. It was around 90% of people that used simple changes - 85% of people that were there for less than a couple of years, and about 95% for people that had been there for longer. This was only possible because of the ridiculously insecure systems in place that the company used to store user passwords.

    I have no idea how the survey in the article was done, but it's pretty clear that people have no idea how insecure their 'changes' really are. Some people think that changing the number at the beginning and the end is more secure than just changing a number at the end. So when asking people, you'll end up with a lot of people thinking they are doing something secure, when in reality it is easily guessable - at far far far far far less of an entropy change than choosing a new high quality randomly generated password.

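A change-time check for the "minor change" pattern discussed above, as an added example that is not part of the article or the comment. It assumes the change form receives the current password together with the new one, so nothing needs to be stored in recoverable form; the function names, the substitution table and the two-edit threshold are assumptions chosen for illustration.

```python
import re

# Assumed substitution table (constructed for this example, not exhaustive).
LEET = str.maketrans("0134578@$!", "oieastbasi")
EDGE = re.compile(r"^[\W\d_]+|[\W\d_]+$")  # digits/symbols at either end

def skeleton(pw: str) -> str:
    """Base word left after case-folding, trimming digits and symbols from
    both ends, and undoing common character substitutions inside."""
    return EDGE.sub("", pw.lower()).translate(LEET)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def is_minor_change(old: str, new: str, max_edits: int = 2) -> bool:
    """True if `new` is a trivial variant of `old` and should be rejected."""
    base_old, base_new = skeleton(old), skeleton(new)
    if base_old and base_old == base_new:
        return True  # same base word, only decoration or substitutions differ
    return edit_distance(old.lower(), new.lower()) <= max_edits

# Constructed sample pairs (old, new); not taken from any real data set.
SAMPLES = [
    ("Password1", "Password2"),     # number bumped at the end
    ("1Password1", "2Password2"),   # number bumped at both ends
    ("Password1", "P@ssw0rd2!"),    # substitutions plus a new suffix
    ("Password1", "Passwords1"),    # one inserted character
    ("Password1", "correct horse battery staple"),
]

if __name__ == "__main__":
    for old, new in SAMPLES:
        verdict = "reject" if is_minor_change(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```

The check only compares against the password being replaced; it says nothing about whether an accepted password is strong.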