Survey: 60 percent of users use the same password across more than one of their online accounts

How often do you change your password? Do you share your passwords with family members, and how confident are you that malicious attackers wouldn't be able to guess your password?

According to newly published survey results, 60 percent of users use the same password across more than one of their online accounts.

More findings from the survey which sampled 1000 Australians:

  • Over three quarters (77%) of Australians have more than three online passwords
  • Nearly all (90%) of Australians are confident others wouldn’t be able to guess their online passwords
  • Nearly two thirds (60%) of Australians use the same password across more than one of their online accounts
  • Almost half (48%) of Australians only change their password when required to by a system
  • Nearly half (42%) of Australians have shared their password with a friend, family member or work colleague
  • Over a third (36%) remain logged into their online accounts

Nowadays, cybercriminals rarely brute-force their way into a user's account, even though the CAPTCHA-solving process can be easily outsourced. Instead, they rely on data mining malware-infected hosts for stolen credentials. The data is later used for spreading malicious code or for active spamming.

Just how important is it to change your passwords regularly? It depends on the perspective. The more often you change a password, the higher the probability that a malicious attacker who is actively data mining botnets will be left with outdated data. However, changing your password on a malware-infected host is pointless, as the malicious attacker would once again obtain access to your account data.

How do you deal with your password overload? Do you write them down, or conveniently store them in digital format? How often do you change them, and do you use the same password across multiple web properties? Do you believe that strong passwords in a world dominated by malware-infected hosts are worth it?

Talkback.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

12 comments
  • RE: Survey: 60 percent of users use the same password across more than one of their online accounts

    If you have over 300 sites with passwords you probably re-use some of your passwords. What is worse, re-using some passwords or putting all of your unique passwords in one big file?
    mswift@...
    • RE: Survey: 60 percent of users use the same password across more than one of their online accounts

      @mswift@... Use a reputable password manager and assign a single complex password to it. Some password managers, like the free KeePass, will allow two factor authentication (e.g., a password PLUS a key file) for added security. Then you use your password manager to generate strong passwords, unique to each site.

      Sure, IF someone finds your password PLUS your "key file", they have ALL your passwords. But how much worse is that compared to using the similar or same password on dozens of sites?
      bmgoodman
      • RE: Survey: 60 percent of users use the same password across more than one of their online accounts

        @bmgoodman
        Critical sites that deal with personal information or money have unique passwords that are not stored in any file on the computer. For the sites that require registration to read and/or post I might use one password for car sites, one for camera sites, one for EV sites, etc.
        mswift@...
  • C'mon! Do I really need a secure password for a magazine site?

    People use repetitive (and/or easy to remember) passwords because every damn site on the internet requires a password, no matter how trivial the information presented! Example: http://www.maximumpc.com/
    I just want to look at some past issues. The site does not ask me to verify I am a paid subscriber, it just demands I create a "strong" password. When I plug in my choice of three different passwords, the site decides a "Medium strength" password is not good enough. It requires a minimum of upper/lower case, special characters, etc, etc. Why? Why does every site need a password to sign in, including this one? If I am not using my credit card to transact business, or accessing confidential information, why does Zdnet.com require me to sign in at all, much less acquire a "free registration" and create a password? U.S. Government sites are even worse!
    sonnystarks
  • Sure, why not.

    There is no problem with using the same pw for sites that store little or nothing about oneself, including your real name.
    databaseben
  • Why not?

    I use similar passwords for majority of the forums I have an account in. They've got no information that's in my "Sensitivity List" ;)
    MrElectrifyer
  • RE: Survey: 60 percent of users use the same password across more than one of their online accounts

    You have to weigh carefully the pros and cons of a strong or weak password, then apply it intelligently (I know, too damn difficult).

    1. All the sites, like yours, which require a login just to keep track of users and control trolling and spam to a certain extent, should be content with weak passwords. I use the same password for all, when possible
    2. All sites which involve a certain level of confidentiality or involve financial transactions, should require strong passwords, with a minimum amount of characters
    3. All sites requiring maximum security like highly confidential and e-banking sites, should employ high-level security, like one-time code lists, calculator-like code generators or, better, dongles capable of providing a highly secure VPN connection between the remote user's computer and the site. Authentication at the dongle-level is still a weak spot, but it would come up only if the dongle and the card which it employs + the credentials of the user are all stolen at the same time. Can happen but, with a bit precaution, it's relatively unlikely.

    Compelling users to use very complex passwords and change them frequently, when top level security is not required, is pure idiocy, as it's guaranteed that the user will NOT remember the password. Which means that he/she will note it down somewhere, exposing the whole system, instantly. Taking a leaf out of Unix administration, where you login with administrative privileges only when you need it, better find a compromise, where you provide a real barrier for highly sensitive information and leave the less sensitive information in an area accessible for every day use with an acceptable combination of security and user friendliness.

    Employers can make our lives a misery imposing excessive security requirements, but that's what we get paid for and all we can do is to harass IT whenever we forget our password - which I did regularly ;). However, commercial sites would lose customers if they harassed them too much for security.

    On a practical level, I would welcome a password manager, which could work on all the platforms I use every day, and keep all the entries in sync: iMac, Mac Book Pro, iPad, iPhone and, occasionally, Windows or Linux PCs. But I haven't found one yet, so I use the same password on all the sites up to a certain level of security. I am not a genius, I can't store hundreds of very complex, frequently changing passwords in my memory - and I don't think many people can.
    mainvision