49% of Workers, when Forced to Update their Password, Reuse the Same one with Just a Minor Change

posted by martyb on Friday December 13, @03:11PM
from the https://xkcd.com/936/ dept.
Security

An Anonymous Coward writes:

49% of workers, when forced to update their password, reuse the same one with just a minor change:

A survey of 200 people conducted by security outfit HYPR has some alarming findings.

For instance, not only did 72% of users admit that they reused the same passwords in their personal life, but also 49% admitted that when forced to update their passwords in the workplace they reused the same one with a minor change.

Furthermore, many users were clearly relying upon their puny human memory to remember passwords (42% in the office, 35% in their personal lives) rather than something more reliable. This, no doubt, feeds users' tendency to choose weak, easy-to-crack passwords as well as reusing old passwords or making minor changes to existing ones.

What is so bad about changing "Password1" to "Password2"?


  • (Score: 2) by RS3 on Friday December 13, @03:21PM (1 child)

    by RS3 (6367) on Friday December 13, @03:21PM (#931711)

    What is so bad about changing "Password1" to "Password2"?

    Nothing at all if you want your account accessed by others.

    Furthermore, many users were clearly relying upon their puny human memory to remember passwords (42% in the office, 35% in their personal lives) rather than something more reliable.

    What, pray tell, is that something? LogMeIn? Browser-based auto logins? Post-It notes?

    A good friend of mine prints his passwords - the ones he doesn't care about, like work-related - on bar-code and uses a bar-code scanner. It's pretty well hidden and few know he does it, and he's pretty cynical about his job so if someone figures it out he'll just enjoy the show.

    • (Score: 2) by Runaway1956 on Friday December 13, @03:33PM

      by Runaway1956 (2926) on Friday December 13, @03:33PM (#931717)

      They need to just do away with passwords. And fingerprints, and retina scans, and all the rest. The computer should demand a semen sample, to compare DNA.

      "No, seriously, I'm not the wanker you take me for, I'm just trying to get into my computer!"
      "Dude, I've heard it called a lot of things, but I've never heard a vagina referred to as a computer."

      Anyway, iterative passwords. The shared computer at work was set up with "Welcom01", and we're now six days away from changing the password to "Welcome22". A little social engineering reveals that all the other computers have the same password, plus or minus a couple iterations. If I'm around when it reaches 99, and due to change, I think I'll start over at "Welcome00" just to screw with people's minds.

