japan.internet.com published the results of a survey by goo Research into the use of web site passwords carried out at the start of this month. 1,091 members of goo’s research monitor group successfully completed the private web-based questionnaire. 56.7% of the sample was female, and 20.3% were in their twenties, 41.5% in their thirties, 24.5% in their forties, 10.2% in their fifties, and 3.6% in their sixties.
The stunning figure is that 266 people, or 24.4%, admitted to using a password identical to their user name, if allowed by the web site. 43.4% said they wrote it down, which arguably can be better than memorising a simpler one, although no questions were asked in this survey on how complex passwords were.
This survey highlights perhaps two possible approaches to hacking in addition to the headline's method of using the same user name and password. One would be a phishing attack, but one that presented a password error on password entry. Since almost half the people say they repeatedly guess at the password, this type of fake site might yield multiple passwords for various sites. The other is an attack that I have never heard of, but which seems ridiculously simple in such situations as online game bulletin boards for competing clans: by means of a backdoor into the password routines, one can extract user names and passwords, which can then be used for whatever purposes once you track down the places that user frequents.
Back on the subject of personal password management, I once tried using a password management tool, but it was excessively cryptic and after entering two or three passwords I forgot exactly how to go about entering a master password, and couldn’t recover from the situation, so I had to delete the tool!
I can’t find a similar survey of passwords from other countries, but if anyone can provide a link, it would make a useful comparison.