How to hack a quarter of all Japanese web users’ accounts


japan.internet.com published the results of a survey by goo Research into the use of web site passwords carried out at the start of this month. 1,091 members of goo’s research monitor group successfully completed the private web-based questionnaire. 56.7% of the sample was female, and 20.3% were in their twenties, 41.5% in their thirties, 24.5% in their forties, 10.2% in their fifties, and 3.6% in their sixties.

The stunning figure is that 266 people, or 24.4%, admitted to using a password identical to their user name, if allowed by the web site. 43.4% said they wrote it down, which arguably can be better than memorising a simpler one, although no questions were asked in this survey on how complex passwords were.
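Because the 24.4% figure depends on the web site allowing it, the control belongs in the site's registration and password-change handler. The following is an added example of such a server-side check, not code from the survey or the original post; the function names, the four-character containment threshold and the sample accounts are assumptions.

```python
import re
import unicodedata


def fold(text: str) -> str:
    """NFKC-normalise (full-width -> ASCII), case-fold, keep only letters/digits."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return "".join(ch for ch in text if ch.isalnum())


def username_derived(username: str, password: str):
    """Return a reason string if the password is derived from the login ID, else None."""
    # Compare against the full ID and, for e-mail style IDs, the local part too.
    ids = [username]
    if "@" in username:
        ids.append(username.split("@", 1)[0])
    pw = fold(password)
    pw_core = re.sub(r"^\d+|\d+$", "", pw)  # digit prefix/suffix removed
    for ident in ids:
        uid = fold(ident)
        if not uid:
            continue
        if pw == uid:
            return "identical to user ID"
        if pw == uid[::-1]:
            return "user ID reversed"
        if pw_core == uid:
            return "user ID plus digits"
        # Assumed threshold: very short IDs would match too many passwords.
        if len(uid) >= 4 and uid in pw:
            return "contains user ID"
    return None


if __name__ == "__main__":
    # Constructed sample registrations, not real accounts.
    samples = [
        ("taro", "taro"),
        ("taro", "ＴＡＲＯ"),          # full-width input from a Japanese IME
        ("taro", "Taro2008"),
        ("taro@example.jp", "taro!"),
        ("taro", "correct horse battery staple"),
    ]
    for user, pw in samples:
        reason = username_derived(user, pw)
        print(f"{user!r:20} {pw!r:32} -> {'REJECT: ' + reason if reason else 'ok'}")
```

A check like this only covers the identical-ID case the survey measured; it complements, rather than replaces, minimum-length and breached-password checks.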

This survey highlights perhaps two possible approaches to hacking in addition to the headline’s method of using the same user name and password. One would be a phishing attack, but one that presented a password error on password entry. Since almost half the people say they repeatedly guess at the password, this type of fake site might yield multiple passwords for various sites. Finally, there is an attack that I have never heard of, but which seems ridiculously simple for situations such as online game bulletin boards for competing clans: by means of a backdoor into the password routines, one can extract user names and passwords, which can then be used for whatever purposes once you track down the places that the user frequents.

Back on the subject of personal password management, I once tried using a password management tool, but it was excessively cryptic and after entering two or three passwords I forgot exactly how to go about entering a master password, and couldn’t recover from the situation, so I had to delete the tool!

I can’t find a similar survey of passwords from other countries, but if anyone can provide a link, it would make a useful comparison.

Q1: How many services that require logins do you use? (Sample size=1,091)

One to four 18.2%
Five to ten 41.1%
Eleven to fifteen 16.1%
Sixteen to twenty 11.6%
Twenty-one to thirty 4.7%
Thirty-one or more 8.4%

Note that no-one had zero logins, as they need one to access goo Research to answer the questionnaire! Also, I would suspect that people’s estimates would be lower than the actual number as there are bound to be services people forgot to count.

Q2: In the last year how has the number of services you use that require logins changed? (Sample size=1,091)

Increased 56.6%
Decreased 3.9%
Not changed 39.5%

Q3: How do you select user ID and passwords for multiple sites? (Sample size=1,091)

Try to use the same user ID and password pair for multiple sites 87.7%
Always use different ID and password pairs 8.1%
Other 4.2%

Q4: Have you ever forgotten your password and/or ID? (Sample size=1,091)

Frequently forget 9.2%
Sometimes forget 78.1%
Never forget 12.7%

The 952 people who have forgotten their login details had three main approaches to the problem. First, 713 people, or 74.9%, used an email reminder function; next, 454 people, or 47.7%, used a secret question or similar method; then 448 people, or 47.1%, tried remembering their password and typing in whatever came to mind.

Other notable answers were 150 people, or 15.8%, who just re-register from scratch, 124 people, or 13.0%, who just get in touch directly with the site owner, and just over one in ten, or 99 people, just give up using the site altogether!

Q5: How do you usually manage your passwords? (Sample size=1,091, multiple answer)

Answer                                              Votes  Percentage
Write down in physical notebook or memo, etc          473  43.6%
Remember it                                           401  36.8%
Save registration confirmation email                  353  32.4%
Use identical user name and password, if possible     266  24.4%
Record in email or text file, etc                     250  22.9%
Use browser’s password auto-filling feature           199  18.2%
Use ID and password management software                72  7.0%
Have printed member’s card with ID and password        65  6.0%
Other                                                  29  2.7%