
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Survey: 60 percent of users use the same password across more than one of their online accounts

By | September 30, 2011, 8:12am PDT

How often do you change your password? Do you share your passwords with family members, and how confident are you that malicious attackers wouldn’t be able to guess your password?

According to newly published survey results, 60 percent of users use the same password across more than one of their online accounts.

More findings from the survey, which sampled 1000 Australians:

  • Over three quarters (77%) of Australians have more than three online passwords
  • Nearly all (90%) of Australians are confident others wouldn’t be able to guess their online passwords
  • Nearly two thirds (60%) of Australians use the same password across more than one of their online accounts
  • Almost half (48%) of Australians only change their password when required to by a system
  • Nearly half (42%) of Australians have shared their password with a friend, family member or work colleague
  • Over a third (36%) remain logged into their online accounts

Nowadays, cybercriminals rarely brute force their way into a user’s account, even though the CAPTCHA-solving process can be easily outsourced. Instead, they rely on data mining malware-infected hosts for stolen credentials. The stolen data is later used to spread malicious code or to send spam.

Just how important is it to change your passwords regularly? It depends on the perspective. The more often you change a password, the higher the probability that an attacker who is actively data mining botnets will be left with outdated credentials; but changing your password on a malware-infected host is pointless, as the attacker would simply obtain access to your account data once again.


How do you deal with your password overload? Do you write them down, or conveniently store them in digital format? How often do you change them, and do you use the same password across multiple web properties? Do you believe that strong passwords in a world dominated by malware-infected hosts are worth it?

Talkback.


Disclosure

Dancho Danchev

More details on Dancho Danchev's current and past professional affiliations can be found in his LinkedIn profile.

Biography

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threat intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations can be found in his LinkedIn profile. You can also follow him on Twitter.

Comments
If you have over 300 sites with passwords you probably re-use some of your passwords. What is worse, re-using some passwords or putting all of your unique passwords in one big file?

@mswift@... Use a reputable password manager and assign a single complex password to it. Some password managers, like the free KeePass, allow two-factor authentication (e.g., a password PLUS a key file) for added security. Then you use your password manager to generate strong passwords, unique to each site.

Sure, IF someone finds your password PLUS your "key file", they have ALL your passwords. But how much worse is that compared to using the similar or same password on dozens of sites?

@bmgoodman
Critical sites that deal with personal information or money have unique passwords that are not stored in any file on the computer. For the sites that require registration to read and/or post I might use one password for car sites, one for camera sites, one for EV sites, etc.

People use repetitive (and/or easy to remember) passwords because every damn site on the internet requires a password, no matter how trivial the information presented! Example: http://www.maximumpc.com/
I just want to look at some past issues. The site does not ask me to verify I am a paid subscriber, it just demands I create a "strong" password. When I plug in my choice of three different passwords, the site decides a "Medium strength" password is not good enough. It requires a minimum of upper/lower case, special characters, etc., etc. Why? Why does every site need a password to sign in, including this one? If I am not using my credit card to transact business, or accessing confidential information, why does Zdnet.com require me to sign in at all, much less acquire a "free registration" and create a password? U.S. Government sites are even worse!
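The password-manager setup described in the comments above (one master password plus a key file as a second factor, and a generated, unique password per site), together with a reuse audit of the kind the survey's 60 percent figure calls for, as an added example that is not from the post or any commenter. The composite-key scheme is a simplified illustration, not KeePass's actual file format, and the salt, key file and vault are constructed sample data.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample inputs for the example; not real secrets.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
KEY_FILE = b"constructed key-file contents, stands in for a real random key file"
SYMBOLS = "!#$%&*+-=?@^_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def composite_key(master_password: str, key_file: bytes, salt: bytes = SALT) -> bytes:
    """Derive the vault key from BOTH factors (simplified scheme, not the KeePass format).
    Neither the password nor the key file alone reproduces it; PBKDF2 slows offline guessing."""
    pw_hash = hashlib.sha256(master_password.encode("utf-8")).digest()
    kf_hash = hashlib.sha256(key_file).digest()
    return hashlib.pbkdf2_hmac("sha256", pw_hash + kf_hash, salt, 200_000, dklen=32)


def generate_password(length: int = 20) -> str:
    """Per-site password from a CSPRNG; retry until every character class is present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def reuse_report(vault: dict) -> dict:
    """Audit a {site: password} vault: which passwords are shared, and what
    fraction of accounts use a shared one (the figure the survey puts at 60%)."""
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    reused = {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}
    shared_accounts = sum(len(sites) for sites in reused.values())
    return {"reused": reused,
            "reuse_fraction": shared_accounts / len(vault) if vault else 0.0}


# Constructed vault: three of five accounts share one password.
SAMPLE_VAULT = {
    "forum-a.example": "Summer2011!",
    "forum-b.example": "Summer2011!",
    "shop.example": "Summer2011!",
    "bank.example": "c7Qx#9mLp2!vRt4Wz",
    "mail.example": "Hf8$kD3nQp7@zL1xB",
}
```

Running `reuse_report(SAMPLE_VAULT)` flags the three forum and shop accounts as sharing `Summer2011!` and reports a reuse fraction of 0.6; a vault filled with `generate_password()` output reports none.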
Sure, why not.
databaseben 2nd Oct
There is no problem with using the same pw for sites that store little or nothing about oneself, including your real name.

Why not?
MrElectrifyer Updated - 2nd Oct
I use similar passwords for the majority of the forums I have an account in. They've got no information that's in my "Sensitivity List".
You have to weigh carefully the pros and cons of a strong or weak password, then apply it intelligently (I know, too damn difficult).
1. All the sites, like yours, which require a login just to keep track of users and control trolling and spam to a certain extent, should be content with weak passwords. I use the same password for all, when possible.
2. All sites which involve a certain level of confidentiality or involve financial transactions should require strong passwords, with a minimum number of characters.
3. All sites requiring maximum security, like highly confidential and e-banking sites, should employ high-level security, like one-time code lists, calculator-like code generators or, better, dongles capable of providing a highly secure VPN connection between the remote user's computer and the site. Authentication at the dongle level is still a weak spot, but it would come up only if the dongle and the card which it employs + the credentials of the user are all stolen at the same time. It can happen but, with a bit of precaution, it's relatively unlikely.

Compelling users to use very complex passwords and change them frequently, when top level security is not required, is pure idiocy, as it's guaranteed that the user will NOT remember the password. Which means that he/she will note it down somewhere, exposing the whole system, instantly. Taking a leaf out of Unix administration, where you log in with administrative privileges only when you need them, better find a compromise, where you provide a real barrier for highly sensitive information and leave the less sensitive information in an area accessible for everyday use with an acceptable combination of security and user friendliness.

Employers can make our lives a misery imposing excessive security requirements, but that's what we get paid for and all we can do is to harass IT whenever we forget our password - which I did regularly. However, commercial sites would lose customers if they harassed them too much for security.

On a practical level, I would welcome a password manager which could work on all the platforms I use every day, and keep all the entries in sync: iMac, MacBook Pro, iPad, iPhone and, occasionally, Windows or Linux PCs. But I haven't found one yet, so I use the same password on all the sites up to a certain level of security. I am not a genius, I can't store hundreds of very complex, frequently changing passwords in my memory - and I don't think many people can.