IT professionals believe passwords make them vulnerable
May 20, 2014 | Posted by Dan Raywood
There is a global distrust of passwords, as 97 per cent of IT professionals think they make their systems vulnerable to attack.
A survey of 300 attendees at Infosecurity Europe found that 97 per cent said they know that passwords make their systems vulnerable and pose a serious risk when accessing web applications. Yet we still use weak, static passwords for business-critical applications, even though 66 per cent of IT professionals said that the average hacker could break a typical user’s password within minutes.
Thomas Capola, CEO of Sestus, said: “This survey highlights the real disconnect users have when it comes to their password security. Users understand that they are vulnerable because of easy access to weak passwords, yet they continue to fail to protect those passwords; and this is something that hasn’t changed in over 15 years.
“All the training and user education in the world doesn’t seem to deter people from using static passwords and keeping them stored in obvious places around the office.”
Another survey by F-Secure also showed that passwords remain a problem, even for tech-conscious consumers. Its poll of 224 social media users found that 43 per cent of respondents use the same password for more than one important account, although 57 per cent of poll respondents changed passwords after hearing about Heartbleed.
Sean Sullivan, Security Advisor at F-Secure, said: “Identify the critical accounts to protect, and then make sure the passwords for those accounts are unique and strong. If you created an account for some website and there’s hardly anything more in there than your username and password, then that’s probably not a critical account. But your Amazon account with your credit card info, your bank account, your primary email accounts, the Facebook account with your life story, these are examples of the critical ones. If you don’t have time or inclination to tackle everything, at least take care of those.”
Speaking to IT Security Guru, Get Safe Online CEO Tony Neate said that passwords are often one of the big talking points, especially with devices where most people will not bother with one. “We talk about passwords and having many of them, but you do not have one key for everything in life, you have multiple technologies with multiple keys,” he said. “You are told you have got to have one for each website and it has to be secure, but you cannot remember it so you write it down.”
Steven Hope, CEO of Winfrasoft, said that if technology worked, you would not need passwords. “How many passwords do you use in a day? I gave up at a dozen. Until you write them down, how many do you use in a week? If it is stolen how many applications could an attacker get into? We have existed on fixes and it is a nightmare, the only way is to get rid of passwords.”