Monday, November 2, 2009
Words, Words, Words, I'm so sick of passwords
First from him, now from you!
Is that all you blighters can do?
Why have I launched into a song from My Fair Lady?
Because I'm so sick of passwords!
Yes, they are intended to protect us. But there's a limit to what we can remember or continue to generate!
I get bounced out all the time. Today I found a study of passwords conducted by Microsoft, covering a half-million users over 3 months. Here are some of their findings:
The growing herd of password accounts is maintained using a small collection of passwords. For a user with 30 password accounts, the problem is not remembering 30 passwords, but remembering which of 5-6 were used ... by a combination of memory, pieces of paper, trial and error, and password resets.
An average user has 6.5 passwords, each of which is shared (reused) at 6 different sites. Each user has about 25 accounts that require passwords, and types an average of 8 passwords a day.
At least 1.5% forget a password each month; at less-frequently visited sites, people forget their password about every 6th time they visit.
PC Tools, a software vendor, released these international results.
The French reuse their passwords the most (56%), compared to 35% in the UK and 16% of Germans. At least 47% of men use the same password for all websites, versus only 26% of women.
In order to help our IT departments sleep better at night, we know we should use longer passwords, include numbers and special characters, change passwords often, etc.
But we don't. We get mad at the website instead.
I am particularly incensed with the US Postal Service, FedEx, and one of my banks. Somehow those accounts cause me the most trouble. In fact, I've given up on the bank because I just can't ever get it right. Today I managed to drop and crack a SIM card for my mobile phone, and I don't have the right passcode to give the phone company!
In researching this I have discovered a SHARED PASSWORD cyberspace. Apparently people log onto sites like the NY Times, then openly post their passwords so others can use them too. That saves the lazy piggy-backing user the time and trouble (or cost) of creating his own account. Then another set of companies search for these password sharers and report them to the website managers. What a tangled WEB, eh?
I once nearly had a stroke when I found a folder full of payroll information openly accessible on our company's network ... that's not good! I called the IT department and Personnel in horror, demanding an investigation. After a bit they called me back.
"No one else can see that data. You are the system administrator, remember? You have system-wide access rights when you sign on."
Oops. I forgot.
Posted by Excelmathmike at 12:13 PM