Five Tips for Keeping Passwords Safe
Check out the key issues your users should always be aware of when it comes to password security.
Kevin Haley of Symantec wanted to check out the password habits of the readers of the Symantec Security Response blog. For that, Haley developed a simple survey in which more than 400 readers eventually participated. While hardly a full-fledged study, the survey offers pretty good insight into the way users manage their passwords, regardless of whether they work for an enterprise or an SMB.
One clear trend is that users increasingly access multiple systems that require passwords. When quizzed on the number of Web sites and work accounts protected by passwords, a large proportion (66 percent) indicated that they have more than 11 different accounts. In fact, 44 percent said they access more than 20 password-protected accounts, while another 23 percent said they access between 6 and 10 password-protected accounts.
Given the growing importance of passwords in securing access against unauthorized people, there is little doubt that the way users manage their passwords will remain an important topic for some time.
Another finding I found interesting came from asking users: "How do you choose passwords for these sites?" Not surprisingly, more than 50 percent of the respondents indicated that they either use the same password for all sites, or "have a few passwords" that they alternate for various accounts. Only a small 18 percent say they have a different password for each account.
This is hardly surprising behavior, for it is only human for users to want to remember as few passwords as necessary. To alleviate this somewhat common malaise, I have in the past suggested that users should at least use different passwords on their personal accounts than those used on their work-related ones.
In addition, this speaks of an even greater need to inculcate the importance of creating good, secure passwords. Thankfully, the majority (72 percent) say that their password does not contain common words such as their middle name, pet's name, birthday, running numbers, etc. Then again, that leaves 28 percent of users who need to be educated on how to formulate good, robust passwords. (You can check out Protecting Your Passwords in the Knowledge Network for assistance on this.)
As I point out time and again, educating users about proper management of their passwords remains an important topic for small and mid-sized businesses. Indeed, it must be remembered that the survey participants are readers of the Symantec Security Response blog - and are hence more likely to be security administrators or IT managers than your average Joe.
Clearly, this makes it even more pertinent to SMBs, as they often lack dedicated security staffers.