February 24, 2009

When 28,000 log-in details stolen from a well-known website were posted online recently, security firms discovered that a sizable minority of internet users are incredibly naive at setting their own password.

Security analysts Cyber-Ark found that 14% of users choose sequential combinations such as 1234, QWERTY, or ABCD whilst 16% use their first name as a password.

Four percent of users, meanwhile, opted for ‘password’ or a similar derivative as their password, and 5% had chosen the names of pop singers or TV shows.

Three percent had chosen nonchalant passwords including ‘yes’, ‘no’, ‘idontcare’, and ‘whatever’.

“More than a third of users could have their accounts totally compromised by hackers using a password library-assisted form of hacker attack that could be completed on most systems in a matter of hours,” said Cyber-Ark vice president Adam Bosnian.
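As an added illustration, not part of the article or of Cyber-Ark's study, the Python below classifies a constructed list of passwords into the weak categories the report names (keyboard or alphabet sequences, first names, ‘password’ derivatives, nonchalant words) and reports how many would fall to a simple wordlist check. The name list and sample passwords are assumptions chosen for the demonstration; a real policy check would load full name and wordlist files.

```python
import re
from collections import Counter

# Constructed sample for the demonstration; not the leaked data from the article.
SAMPLE_PASSWORDS = [
    "1234", "qwerty", "ABCD", "4321", "emma", "John", "Password1",
    "p@ssw0rd", "idontcare", "whatever", "yes", "bob123",
    "Tr0ub4dor&3", "correct horse battery staple", "zxcvbn", "hunter2",
]

# Assumption: tiny constructed name list; a real check loads a full first-name wordlist.
FIRST_NAMES = {"alice", "bob", "carol", "dave", "emma", "john", "sarah"}
NONCHALANT = {"yes", "no", "idontcare", "whatever"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
                 "abcdefghijklmnopqrstuvwxyz"]
# Common "leet" substitutions that attackers' wordlist rules undo as a matter of course.
LEET = str.maketrans({"0": "o", "@": "a", "$": "s", "5": "s", "1": "i", "!": "i", "3": "e"})


def normalize(pw):
    """Lower-case, drop trailing digits (Password1 -> password), undo leet substitutions."""
    return re.sub(r"\d+$", "", pw.lower()).translate(LEET)


def is_sequential(pw):
    """True for runs taken from a keyboard row or the alphabet, forwards or backwards."""
    s = pw.lower()
    return len(s) >= 3 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def classify(pw):
    """Map a password to one of the article's weak categories, or 'other'."""
    if is_sequential(pw):
        return "sequential"
    norm = normalize(pw)
    if norm in FIRST_NAMES:
        return "first_name"
    if norm in {"password", "passwd", "pass", "pwd"} or norm.startswith("password"):
        return "password_derivative"
    if norm in NONCHALANT:
        return "nonchalant"
    return "other"


def category_counts(passwords):
    """Count passwords per category, as a defender would when auditing a password dump."""
    return dict(Counter(classify(p) for p in passwords))


def weak_fraction(passwords):
    """Fraction of the list that a wordlist-assisted attack would recover almost immediately."""
    return sum(1 for p in passwords if classify(p) != "other") / len(passwords)
```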

“This study confirms what we’ve known for some time here at Cyber-Ark, namely there is a lot of naivety when it comes to password security out there in IT userland.”

Because of this naivety, Bosnian believes it is vital that IT managers educate staff about the need for secure password choices.

There is also a strong argument for having passwords chosen by the IT department rather than individual users, Bosnian said.

If a user whose password is stolen has admin privileges at a company, that company’s IT security would end up ‘dead in the water,’ he concluded.
