People still ‘protect’ their online identity with lax passwords that have long been discredited by industry experts and even media pundits. Google Apps surveyed 2000 users and despite widespread coverage of hacking risks the usual suspects still abound – pet names, wedding anniversaries, dates of birth, children’s names and still in the top ten the old favourite the word itself ‘password’.
The lack of protection afforded by these choices is clear when 10 per cent of those surveyed admitted to having guessed a work colleague’s password to gain access to their accounts. And even more alarmingly whatever protection these secret codes could provide is lost when 48% of people actually shared a password with someone else.
Eran Feigenbaum, director of security at Google Apps, gives advice on the steps users can take to protect their security: “Simple steps such as choosing more complicated passwords, always logging out of services and considering two-factor authentication – which requires more than just a password to access your account – can make a real difference to your security online.”
Passwords have consistently been identified as the weakest link in security. More precisely the weakness lies in the fact that they are chosen by people who do not appreciate how far they are from unique.
The top ten passwords
- Pet’s name
- Significant dates (like a wedding anniversary)
- Date of birth of close relation
- Child’s name
- Other family member’s name
- Place of birth
- Favourite holiday
- Something related to a favourite football team
- Current partner’s name
- The word “password”
(Source: Google Apps)
I find this situation surprising as it seems routine for sites to require a combination of letters and numbers and many sites already give a password-rating of weak to strong. It may be worthwhile pointing out on your own site exactly what should be avoided in order to arrive at a strong password. Also you might…