March 10, 2009

One password still fits all for web users

Don’t stick to dictionary words, urges Sophos

By Steve Evans

New research from security vendor Sophos has revealed that one third of Internet users have the same password for multiple websites.

The firm found that 33% do not alter their password from one website to the next, while a further 48% claim to use a variety of different passwords. Just 19% said they never use the same password. Sophos conducted a similar survey three years ago and found then that 41% said they always use the same password and just 14% said they always used a different one.

Graham Cluley, senior technology consultant at the company, said: “It’s worrying that in three years very few computer users seem to have woken up to the risks of using weak passwords and the same ones for every site they visit. With social networking and other internet accounts now even more popular, there’s plenty on offer for hackers and by using the same password to access Facebook, Amazon and your online bank account, you’re making it much easier for them.

“Once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain.”

Sophos highlights a number of recent security breaches, including the compromise of MP Jack Straw’s Hotmail account and the hacking of a number of Twitter accounts belonging to celebrities, as evidence that people need to assess the strength of their passwords and ensure that they choose a different, unique password for every sensitive account.

One way to improve your Internet defences, Sophos says, is to avoid using dictionary words for passwords.

Cluley said: “It’s easy to understand why computer users pick dictionary words as they’re much easier to remember. A good trick is to pick a sentence and just use the first letter of every word to make up your password. To make it even stronger, you can replace words like ‘for’ for the number 4, and this should give you peace of mind that your password won’t be guessed.”

Cluley added that using a password management system is one way of keeping on top of your password collection – provided the master password is as strong as possible.
