The Problems with Passwords

****** THE PROBLEMS 'PASSWORDS WITH More and more of our lives takes place online meaning that we are trusting more and more of our personal information to the cloud. Unfortunately, it seems, we have still not learned how to protect ourselves. A study of over three hundred people ranging from high school students to adults was conducted in mid 2011 into the mistakes made by users that compromise their online security. The results of this study are illustrated below. THE STUDY* Volunteers were asked to The data submitted was The participants were sign up for ten different online services. asked to retum a week 10 intercepted by custom software. No personal info was stored; only certain details relating to the users' login info were later. This time they had to log into the accounts they had created with the login details they had previously chosen. collected. Aol. YAHOO! PayPal blekko amazon.com facebook twitter posterous Qwiki su StumbleUpon THE RESULTS PASSWORD STRENGTH 123456 Passwords that contain a 17% consecutive sequence of characters such as "123456". Passwords that do not contain a consecutive sequence of characters. 83% Passwords that do not contain 111111 12% a repetition of characters. Passwords that contain a 88% repetition of characters such as "111111". abc123 Passwords that do not consist 39% of letters and numbers. Passwords that consist of a combination of letters and 81% numbers. abcABC |13% Passwords that consist of upper and lower case letters. Passwords that do not 87% consist of both cases. $#&!@ Passwords that contain special charcters such as "$", "#", "&" and"@". 92% Passwords that do not contain special characters. cat Passwords that do not contain dictionary words such as "cat" or "password". | 32% Passwords that contain dictionary words. 68% The Wordnik API was used to test passwords for dictionary words. >> http://developer.wordnik.com SUMMARY This following graph is a summary of the charts above. It shows the number of recommended security practices or features used in the passwords chosen by participants: Not shown: 0.13% Passwords with 0 security features. 5% Passwords with 1 security feature. 46% Passwords with 2 security features. 34% Passwords with 3 security features. 10% Passwords with 4 security features. 4% Passwords with 5 security features. Not shown: 0.71% Passwords with 6 security features. A lack of special characters and other security features in a password can be mitigated by choosing a password of sufficient length. 8. characters However, the average password chosen by participants in the study was only in O iength. PASSWORD UNIQUENESS 2% Percentage of people who used unique passwords for all their accounts. 65% Percentage of people who used unique passwords a portion of the time. 32% Percentage of people who used the same password across all their accounts. 2% By using the same password for all your accounts, you are making it exponentially easier for malicious people to gain access to your personal data. If one of your accounts is compromised, the attacker can access all your other 65% 32% accounts as well. PASSWORD MEMORABILITY Accounts that were logged into successfully. After creating their accounts, the study participants had to log into them. After only a week, most users could not remember 39% their passwords. 61% Accounts that could not be logged into by the user. 4% Participants who successfully logged into all of their accounts. Participants who did not successfully log into all of their accounts. 96% CONCLUDING REMARKS* Passwords are flawed. Users do not choose secure passwords even after being told to do so by websites and security professionals. They re-use their passwords across multiple websites, opening themselves up to attackers. And despite this, they fail to remember them. We need a different authentication model on the web-one that protects us without requiring us to be perfect. www.jsnyman.com Copyright © 2012 Juan Snyman. All rights reserved. All trademarks are the property of their respective owners.