(MSPAlliance) – Wednesday, May 3, 2006 – A new survey by Sophos, Inc. shows that users and IT staff aren’t using passwords properly, unnecessarily putting computers and company networks at risk. Forty-five percent of respondents reported using “a few different passwords,” and 41 percent reported using the same password for every Web site “all the time.” Only 14 percent of respondents said they never use the same password twice.
The Sophos survey was taken by visitors to the company's Web site, many of whom are IT and security professionals. The high level of duplicate password use shows a lack of education and attention to password security. With many Web sites prompting for a password, it is hard for most users to remember a unique password for every Web site they visit.
Users should prioritize Web sites according to risk, using a common password for low-risk sites. However, for any financial or banking Web sites, companies should tell users to use a password that is long, complex and unique, consisting of both letters and numbers, upper and lower case, and special characters if allowed. In either risk category, user passwords should not reflect casual information about the user, such as a child’s birthday.