Don’t stick to dictionary words, urges Sophos
New research from security vendor Sophos has revealed that one third of Internet users have the same password for multiple websites.
The firm found that 33% do not alter their password from one website to the next, while a further 48% claim to use a variety of different passwords. Just 19% said they never use the same password. Sophos conducted a similar survey three years ago and found then that 41% said they always use the same password and just 14% said they always used a different one.
Graham Cluley, senior technology consultant at the company, said: “It’s worrying that in three years very few computer users seem to have woken up to the risks of using weak passwords and the same ones for every site they visit. With social networking and other internet accounts now even more popular, there’s plenty on offer for hackers and by using the same password to access Facebook, Amazon and your online bank account, you’re making it much easier for them.
“Once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain.”
Sophos highlights a number of recent security breaches, including the compromise of MP Jack Straw’s Hotmail account and the hacking of a number of Twitter accounts belonging to celebrities, as evidence that people need to assess the strength of their passwords and ensure that they choose a different, unique password for every sensitive account.
One way to improve your Internet defences, Sophos says, is to avoid using dictionary words for passwords.
Cluley said: “It’s easy to understand why computer users pick dictionary words, as they’re much easier to remember. A good trick is to pick a sentence and just use the first letter of every word to make up your password. To make it even stronger, you can replace words like ‘for’ with the number 4, and this should give you peace of mind that your password won’t be guessed.”
Cluley added that using a password management system is one way of keeping on top of your password collection – provided the master password is as strong as possible.