Number of the week: 34% use primitive and easily brute-forced passwords to protect their data
05 Sep 2012
A brute-forced or stolen password can give access to a user’s every last detail – starting with personal photos and finishing with credit card details. That’s why it’s highly advisable to use complex passwords to access online services. It is also important not to use the same password for different services, for fear of losing not only important data but also your “online” personality, for example, via accounts on social networking sites. A survey carried out for Kaspersky Lab by O+K Research in 25 countries worldwide shows that the risks of simple passwords are not fully understood by users – 34% of respondents are practically unprotected.
According to the survey, insecure passwords which are easily brute-forced without any special techniques are used far too often. Examples include a date of birth (17%), a middle name (10%) or a pet’s name (9%). This sort of information may be known not only by your close friends or relatives. A creative fraudster can easily find it on the Internet, for example, on social networking sites. Another 8% of those surveyed use a simple combination of figures such as ‘123456’ or similar, and 5% of respondents simply use the word “password”. This type of “protection”, like other passwords based on easy-to-guess words, can be easily and quickly brute-forced.
Another problem which is often overlooked is the repeated use of the same password. In theory, this avoids the danger of forgetting passwords. In practice, though, if this universal password is compromised, fraudsters have an easy path into several accounts, services and programs. According to O+K Research, 9% use one password for all accounts and 37.1% use several passwords. Given that one third of the survey participants (36%) use five or more password-protected services and applications, we can imagine the size of the potential security breach.
As mentioned above, the place where you store your password is very important when it comes to data security. Most users (71%) prefer to memorize them, which is not bad in itself, but often results in simple passwords or one password for several accounts. 46% admitted that they have forgotten a vital password at least once. 12% just write the password on a piece of paper and leave it near their computer, while 23% use an ordinary paper notebook for this purpose. Special programs designed to store passwords are used by just 7%, even though such solutions offer user data the best protection. For example, the Password Manager integrated in Kaspersky PURE 2.0 makes it possible to generate new brute-force-resistant passwords, and automatically enter them at the user’s request. As a result, the user gets a reliable and, even more importantly, unique password that is inaccessible for unauthorized use.
The full report on the O+K Research survey results is available at http://www.kaspersky.com/downloads/pdf/kaspersky-lab_ok-consumer-survey-report_eng_final.pdf