Password Security: What Users Know and What They Actually Do

Martin Brinkmann
Apr 22, 2006
Updated • May 4, 2013
Security
|
0

The study "password security: what users know and what they actually do" was conducted by the department of psychology at Wichita State University. The study investigated the common password generation practices of online users. All participants took part in a survey querying (1) the types and number of different password protected accounts maintained; (2) actual practices used in generating, storing and using passwords; (3) practices believed they should use in generating and storing passwords; and (4) general demographic information.The results are interesting:

  • The average time users have maintained their primary personal use password is 31.07 months, nearly three years.
  • How frequently do you change your password on a regular basis when not required by the system was answered by 52.7% of the participants with never.
  • 85.7% reported that they use lowercase letters and 56.5% mentioned that they use numbers or digits in their passwords. In addition, 54.9% indicated that they use personally meaningful words, such as names of children, pets or street names, while 49.8% stated that they use personally meaningful numbers, such as birth dates or telephone numbers
  • 54.6% of users report that they are using the same password for multiple accounts “very frequently or  even“always", while 33.0% use variations of the same password for multiple accounts.
  • 73% of the respondents reported that they should change their passwords for accounts every three to six months, but 52.7% mentioned that they never change their password when not required.
  • 70.5%  indicated that personally meaningful words should not be used, but 49.8% mentioned that they still use these meaningful words in regards to passwords.

So, what's the lesson we learn from this study? If you want users to follow password guidelines, make sure you enforce them across your network. I hate the IT section at my workplace because they force you to change the passwords regulary, use upper / lowercase, numbers and chars. The new password is not allowed to match with the nine previous ones, is not allowed to have repeated chars and not allowed to have logic sequences (123456, eee, sort of things). While that is a nuisance in the eyes of the user, it certainly helps in terms of overall security of the workplace.

Advertisement

Related content

Tunnelvision

TunnelVision attack against VPNs breaks anonymity and bypasses encryption
Bitwarden Authenticator

Bitwarden launches standalone Bitwarden Authenticator app
bitwarden

Bitwarden launches passkeys support in mobile apps for Android and iOS
Intel

Microsoft publishes new Registry security mitigation for Intel processors (Spectre)

KeePassXC adds support for Passkeys, improves database import from Bitwarden and 1Password
Malwarebytes 5

First look at Malwarebytes 5.0

Previous Post: «
Next Post: «

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Hot Discussions

Advertisement

Recently Updated

Latest from Softonic

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2024 - All rights reserved