Sony Xperia Z3 design, specs, and launch rumours: LIVE

Feedback

How bad habits are still compromising passwords post-Heartbleed

SecurityGuides
by Ian Barker, 22 May 2014Guides
How bad habits are still compromising passwords post-Heartbleed

The more we do online the more passwords we have to remember and it's tempting to take shortcuts. A new survey by security specialist F-Secure reveals that 43 per cent of respondents use the same password for more than one important account.

The sheer number of accounts we have is a problem also. 58 per cent of poll respondents say they have over 20 password-protected online accounts or simply too many to keep track of - 27 per cent have between 11 and 20 password-protected accounts and 15 per cent have under 10. Despite this though only 40 per cent use a password manager to keep track of them.

Poor password choices such as using pet names are still common, but encouragingly 57 per cent of respondents say they changed their passwords after Heartbleed.

But if you have a lot of accounts, setting a unique, strong password for each one can seem to be a daunting task which is why many people fail to do it. Sean Sullivan, security advisor at F-Secure suggests, "Identify the critical accounts to protect, and then make sure the passwords for those accounts are unique and strong".

This takes account of the fact that you may have accounts where little important information is stored.

"If you created an account for some website and there's hardly anything more in there than your username and password, then that's probably not a critical account," says Sullivan.

"But your Amazon account with your credit card info, your bank account, your primary email accounts, the Facebook account with your life story, these are examples of the critical ones. If you don’t have time or inclination to tackle everything, at least take care of those".

Particularly critical are email accounts that are used as password reset addresses for other services. For these "master key" accounts it's a good idea to use two-factor authentication if possible.

The company suggests using a password manager like its F-Secure Key which is free for a single device or can synchronise using a secured connection for a monthly fee.

Topics
blog comments powered by Disqus