Lax Password Security Practices Endanger Consumers

One in 10 Americans admit to never changing their passwords and just over one-third (38 percent) alter their passwords on an average of every six months, according to a survey by Mail.com.

One in five use the same password for most or all of their Internet services, and only 23 percent of users protect different services with different passwords, the survey found.

What’s more, 58 percent of those surveyed rely on their memory and store passwords in their head, while 15 percent write their passwords on a piece of paper. Five percent save passwords in their browser and 9 percent use password management software.

“There are two main reasons Americans are so negligent when it comes to passwords: first, the sharply increasing number of Internet services that require an authentication with passwords, and second, the missing knowledge on password security,” Martin Wilhelm, public relations manager for Mail.com, told eWEEK. “People choose passwords that are easy to remember because it’s much more comfortable than handling a complex and individual password for a variety of different services. What they don’t have in mind is that they run the risk of losing all their data on the Internet once this password has been spied out by Internet criminals.”

One-third (33 percent) of respondents said they use birthdays, pet names or simple strings such as “123456” or “qwerty” as passwords.

“Eventually, only methods that are most commonly used by the mainstream of Internet users will prevail,” Wilhelm said. “That means they have to be very simple and user-friendly. The advantage of passwords is clearly that no other devices are needed for authentication purposes. I can log on to my e-mail account with many different devices around the world as long as they are connected to the Internet.”

He noted that as more security throughout the Internet becomes even more necessary, alternative authentication methods such as biometry are being researched.

“Nonetheless, it has to be ensured that providers meet high data protection requirements concerning the storage and use of biometrical data,” he said.

Wilhelm also said he thinks it is very unlikely that passwords will disappear in the near future, since they have been used for several services on the Internet from the very beginning.

“A procedure that has been learned by the majority of Internet users over such a long time will not change quickly,” he explained. “However, there is a trend that uses alternative authentication methods simultaneously to passwords—for example the fingerprint recognition on mobile phones. If passwords should be replaced by such methods, it will definitely still take some time.”