New Report: Australians and Password Security
05 October, 2011
By Allison Orr
A new report from the Centre for Internet Safety at the University of Canberra, commissioned by PayPal, has investigated how people use and manage their online passwords, and has found mixed results.
The report, Password Security: A survey of Australian attitudes towards password use and management, finds that almost half (48%) only change their passwords when required to by a system, nearly the same percentage have shared their password with a friend, family member or work colleague, and nearly two thirds (60%) use the same password across more than one of their online accounts.
However, the research also found that more than three-quarters of people (78%) said their passwords contained no personally identifying information, and only 10% thought their passwords could be easily guessed.
The research highlighted the problem with passwords: those that are difficult to crack are also often difficult to remember, meaning people have to record them. Nearly half of respondents (46%) admitted to writing down their passwords, but the authors do not consider this a major breach, as long as the passwords are not written down on your computer desktop or mobile device.
To ensure greater security, the report makes the following recommendations:
- Have different passwords on different online accounts.
- Choose passwords that do not involve personal information or common names, that have at least 8 characters including at least one digit, one upper case letter, and one special character.
- Never reveal a password to anyone.
- Change passwords at least twice a year.
- The report makes the following recommendation on generating a password that is harder to guess: think of a phrase like “I love it when it rains on weekends!”. Take the first letter from each word (Iliwirow!). Now convert the letter “o” to a zero (Iliwir0w!).
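The phrase-to-password steps and the composition rules listed above can be checked mechanically. The following Python sketch is an added example, not code from the report or from PayPal; the function names `mnemonic_password` and `check_policy` and the sample personal terms are assumptions made for illustration.

```python
import string

PHRASE = "I love it when it rains on weekends!"  # phrase quoted in the article


def mnemonic_password(phrase, substitutions=None):
    """First letter of each word plus the phrase's trailing punctuation."""
    tail = phrase[len(phrase.rstrip(string.punctuation)):]
    initials = []
    for word in phrase.split():
        # Skip leading quotes or brackets; take the first letter or digit.
        first = next((ch for ch in word if ch.isalnum()), "")
        initials.append(first)
    password = "".join(initials) + tail
    # Each substitution replaces every occurrence of the character.
    for old, new in (substitutions or {}).items():
        password = password.replace(old, new)
    return password


def check_policy(password, personal_terms=()):
    """Return the recommendations the password fails (empty list = passes)."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    if not any(ch.isdigit() for ch in password):
        failures.append("no digit")
    if not any(ch.isupper() for ch in password):
        failures.append("no upper case letter")
    if not any(ch in string.punctuation for ch in password):
        failures.append("no special character")
    lowered = password.lower()
    if any(term and term.lower() in lowered for term in personal_terms):
        failures.append("contains personal information")
    return failures


if __name__ == "__main__":
    step1 = mnemonic_password(PHRASE)              # letters only
    step2 = mnemonic_password(PHRASE, {"o": "0"})  # with the o -> 0 step
    print(step1, check_policy(step1))
    print(step2, check_policy(step2))
    # Constructed personal terms, for illustration only.
    print(check_policy("jane1985", personal_terms=["Jane", "1985"]))
```

The first-letter result alone fails the digit rule, which is why the report's final substitution step matters for meeting its own composition recommendation.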