A recent Thycotic survey of more than 250 security professionals found that 53 percent of respondents haven’t changed their social media passwords in more than a year, and 20 percent have never done so.
“As we know, social networks give away a lot of private information,” Thycotic chief security scientist Joseph Carson said in a statement. “For people to not consider changing their passwords on a regular basis on their Facebook, Twitter and LinkedIn accounts, they are easily allowing hackers to access information that will grant them access to other facts of their lives, like their work computers and email.”
“Not only is this a huge vulnerability, but this is also a flaw within large social networks that don’t remind or make it clear and transparent to the user about the age or strength of the password or best practices,” Carson added.
The survey, conducted at the RSA Conference in San Francisco, also found that 25 percent of respondents only change their work passwords when the system tells them to do so.
Even Pros Use Weak Passwords
Almost 30 percent of security professionals, the survey found, have previously used, or continue to use, birthdays, addresses, pet names or children’s names for their work passwords.
“The fact that the people who are in the trenches of the day-to-day security for businesses are using weak passwords for their credentials is shocking and unacceptable,” Thycotic president and CEO James Legg said. “These survey results just go to show just how vulnerable a lot of people have made themselves and the companies they work for through being irresponsible with passwords.”
Forty-five percent of respondents believe at least half of all cyber attacks launched against their companies involved privileged passwords, and approximately 65 percent don’t believe cyber security will improve under the current U.S. administration.
Separately, a recent Pew Research Center survey of 1,055 adult Internet users in the U.S. found that while 75 percent of respondents were able to identify the most secure password from a list of four options and 73 percent knew that public Wi-Fi isn’t always safe for sensitive activities, just 10 percent were able to correctly identify a multi-factor authentication screen.
Just 13 percent of respondents knew that a VPN minimizes the risk of using an insecure Wi-Fi network, and just 33 percent knew that https:// in a URL means the information entered into the site is encrypted.
Other Forms of Authentication
And an Aite Group survey of almost 1,095 U.S. consumers, sponsored by iovation, found that over 40 percent of respondents said they feel extremely or very frustrated when they can’t get into their banking website due to a forgotten password, and almost one in three feel equally frustrated when they can’t log into an e-commerce or media site.
Over 50 percent of respondents said they would be willing to sign up for a variety of stepped-up authentication methods without any form of financial incentive, and another 24 percent would be willing to do so for a cash bonus of $10 to $25.
“What this survey makes clear is that online banking customers across generations remain extremely frustrated with passwords and if provided with more modern authentication alternatives like biometrics or facial recognition, they will eagerly embrace them,” iovation director of product management Michael Thelander said in a statement.