Only 1 in 7 business users bother to create a different password for each Web site that requires authentication, a security company said Wednesday, a finding that points to a major security failure in the enterprise.
A Web poll conducted by Abingdon, U.K.-based Sophos showed that just 14 percent of the 533 business users surveyed use a unique password for each site. Forty-one percent, meanwhile, use the same password all the time, while the remaining 45 percent use “a few” different passwords.
“It is madness to use the same password for accessing a site which tells you the football results as the one which gives you access to your online bank account,” said Graham Cluley, Sophos senior technology consultant, in a statement.
“If hackers manage to steal your password, and you use the same password for all sites, then it’s giving them an open invitation to steal your identity and leave you with a large hole in your virtual wallet.”
And companies’ system administrators aren’t helping out.
“Company defenses are only as strong as the weakest link in the chain, which can often be the users. If [they] decide to make their password the name of their girlfriend, favorite football team, or pet goldfish then they are risking business data,” he said.
Three out of four of the 500 system administrators who responded to a second survey admitted that they allow their users to pick weak passwords. Only 1 in 10 said that they demand strong passwords, such as those that combine both letters and other characters, or are of a certain length.
“Criminals are becoming increasingly canny at finding ways of exploiting vulnerable users and pilfering funds,” said Cluley. “Some employees are practically handing their private information over on a plate.”