Staying Secure: Keeping Passwords Safe

Staying Secure: Keeping Passwords Safe Password Creation *********** *** A password is not immune from cracking simply by virtue of being long The average password is 9.57 characters in length 62% of users create and use passwords that are 8-10 characters long 44,991 passwords recovered from a dump of LinkedIn hashes last year were 16 characters or more Factors in Password Creation ab STRENGTH & SECURITY ***** ****** EASY TO REMEMBER ********* Majority of users choose passwords that contain lower case letters only (i.e. no uppercase, digits, or special characters) unless forced to do otherwise SITE REQUIREMENTS ***** EASY TO ENTER ** NONE OF THESE Vulnerability in Managing Passwords **** ******* •.... .. LOGIN The average user has 6.5 passwords, each of which is shared across 3.9 51% of the users reported that they require IT help to access their applications because they forgot their passwords Each user has about 25 accounts that require passwords , and types an average of 8 passwords a day different sites. 73% of consumers often overlook the security consequences that can result from reusing passwords across multiple sites 54% More than half of Internet users have 5 passwords or less My Passwords 61% Three Fifths ***** of Internet users ******** re-use passwords on multiple websites 55% of users reported that they wrote their passwords down at least 18% of employees share passwords with co-workers once and that 9% of all users write every password down Consequences of Weak/Mishandled Passwords ***** 21% of consumers have had an online account compromised Those with annual incomes of $100k and above are more likely to be compromised through a company breach than other income brackets 70% Less than $25k of IT professionals believe the use of unauthorized programs resulted in as any as half of their companies' data loss incidents $25k - $49,999 $50k - $74,999 $75k - $99,999 $100k+ RESOURCES: http://research.microsoft.com/pubs/74164/www2007.pdf PCHealth Boost https://cups.cs.cmu.edu/soups/2010/proceedings/az_shay.pdf https://www.csid.com/wp-content/uploads/2012/09/CS_PasswordSurvey_FullReport_FINAL.pdf www.pchealthboost.com http://arstechnica.com/security/2013/06/password-complexity-ules-more-annoying-less-effective-than-length-ones/ http://wwww.cisco.com/c/en/us/solutions/colateral/enterprise-networks/data-loss-prevention/white_paper_c11-499060html