I recently ran a survey on password management. You can see my original blog and even take the survey yourself here. At best, I thought 20 or so of you would take the time to fill out the survey…and that would include most of my close relatives. However, instead we got more than 400 responses in a few short days (not even including my relatives). So, thank you to all who took the time to complete the survey. I’ve posted the results below.
I want to comment on some of the results. It may be a stretch to draw too many definitive conclusions from the data, but it will be fun nonetheless. If anyone wants to comment, correct or vehemently disagree with any of my conclusions please feel free to do so.
Let’s get started!
1. On how many different networks, websites, etc. do you have a password-protected account? Count your business accounts (work network, business websites) as well as your personal accounts (online banking, websites, etc.).

| Answer | Responses | Percent |
| --- | --- | --- |
| 0 | 2 | 0% |
| 1-2 | 10 | 2% |
| 3-5 | 34 | 8% |
| 6-10 | 104 | 23% |
| 11-20 | 100 | 22% |
| More than 20 | 196 | 44% |
| Total | 446 | 100% |

My answer to question 1 was in the 11-20 group, but on reflection, it’s clearly more than that. Though there are probably only 11-20 that I could name at any given time, there are probably at least 11-20 more that I have forgotten about and will have to request a new password the next time I go to the site. It’s interesting to contrast this with question 6.
6. How do you remember your passwords? Mark all that apply.

| Answer | Responses | Percent |
| --- | --- | --- |
| My browser keeps track of my password | 101 | 23% |
| Post-it note or typed list near my computer | 33 | 7% |
| Word document on my computer | 47 | 11% |
| Memory | 263 | 59% |
| Password management software | 145 | 33% |
| Other, please specify | 49 | 11% |

Almost 80 percent of us have six or more password protected accounts, yet almost 60 percent of us are also using our memory to keep track of them. I have to confess that after memory failed me repeatedly, I moved to a password manager. Memory is still my main method, but the password manager is a critical back-up as my cranial hard drive seems to fail me constantly. Speaking of hard drive failures, how many of you password management software users back that up? I lost a hard drive last year and spared myself a lot of pain by having the database of my password manager backed up.
2. How do you choose passwords for these sites?

| Answer | Responses | Percent |
| --- | --- | --- |
| They are all the same password | 37 | 8% |
| I have just a few passwords that I alternate for all my accounts | 199 | 45% |
| I have a few duplicate passwords, but mostly they are unique | 130 | 29% |
| I have a different password for each account | 80 | 18% |
| Total | 446 | 100% |

According to the results of question 2, only eight percent of respondents use the same password everywhere. This was an encouraging result and again proves that our readers are pretty darn smart. I fall into the 28 percent that have a few duplicate passwords. Maybe it’s pure laziness on my part, but it’s certainly convenient for my faulty memory, and those three extra mouse clicks to create an entry in the password manager can tire me out. But seriously, I’m working my way out of the habit. I hope the other 28 percent of you are as well. As a first step, do what I do and at least evaluate the risk involved before you use a duplicate password. Ask yourself: Is there a risk to my money, data or identity if I use a duplicate password here? How many accounts will I be putting at risk if I lose this password? No doubt you have accounts where a stolen password really wouldn’t matter, but the number of those accounts may be less than you think. A year ago, many people probably thought they could afford to lose their login and password on Facebook.
Then their “friends” started asking for plane fare to get home from London.
3. Which of the following are the most important factors when selecting a new password? Mark all that apply.

| Answer | Responses | Percent |
| --- | --- | --- |
| Easy to remember | 206 | 46% |
| Short and easy to enter | 36 | 8% |
| Fun or interesting | 39 | 9% |
| Strength (i.e., hard to guess) | 318 | 71% |
| Other, please specify | 32 | 7% |

Question 3 featured my favorite results in the whole survey. My answer was the same as that of the majority: I want my password to be easy to remember, but hard to guess. I suppose life is full of such contradictions (I’ll provide a word on how to actually accomplish this in just a minute). The good news is that most of us have figured out that using certain methods to make our passwords easier to remember does not make them harder to guess. This is indicated in the results to question 5 below.
5. Which of the following have you used at some point as a password? Mark all that apply.

| Answer | Responses | Percent |
| --- | --- | --- |
| Your middle name | 23 | 5% |
| Your birthday | 38 | 9% |
| Your pet's name | 45 | 10% |
| 123456 (or variation thereof, like 12345 or 1234567) | 22 | 5% |
| "Password" | 14 | 3% |
| Obama (or variation thereof, like BHO, Barrack, etc.) | 2 | 0% |
| None of the above | 322 | 72% |
| Other, please specify | 41 | 9% |

Now, I don’t doubt that three percent of us have accounts where “password” is the password, but people, why on earth would you admit it? Thanks for your honesty, but shame on you for doing it. For the rest of you that are still using middle names, birth dates and pet names, what are you thinking? Security by obscurity? That no one but your friends and family could possibly know your pet’s name? Well, if you use a social networking site, I bet I can figure it out in less than 20 minutes.
So how do you make passwords easy to remember yet hard to crack? I’ll repeat my advice from the previous blog entry introducing the survey:
- Use a mix of numbers, letters, punctuation, and symbols
- Take a word or phrase that’s meaningful to you and alter it
- Replace the first few characters in your password with numbers or symbols
- The longer the better
- Avoid personal information, repetition, sequences, and dictionary words
Thanks again for taking part in the survey. See below for the complete list of results.
1. On how many different networks, websites, etc. do you have a password-protected account? Count your business accounts (work network, business websites) as well as your personal accounts (online banking, websites, etc.).

| Answer | Responses | Percent |
| --- | --- | --- |
| 0 | 2 | 0% |
| 1-2 | 10 | 2% |
| 3-5 | 34 | 8% |
| 6-10 | 104 | 23% |
| 11-20 | 100 | 22% |
| More than 20 | 196 | 44% |
| Total | 446 | 100% |

2. How do you choose passwords for these sites?

| Answer | Responses | Percent |
| --- | --- | --- |
| They are all the same password | 37 | 8% |
| I have just a few passwords that I alternate for all my accounts | 199 | 45% |
| I have a few duplicate passwords, but mostly they are unique | 130 | 29% |
| I have a different password for each account | 80 | 18% |
| Total | 446 | 100% |

3. Which of the following are the most important factors when selecting a new password? Mark all that apply.

| Answer | Responses | Percent |
| --- | --- | --- |
| Easy to remember | 206 | 46% |
| Short and easy to enter | 36 | 8% |
| Fun or interesting | 39 | 9% |
| Strength (i.e., hard to guess) | 318 | 71% |
| Other, please specify | 32 | 7% |

4. How often do you change your passwords?

| Answer | Responses | Percent |
| --- | --- | --- |
| At least once a month | 20 | 4% |
| Once a quarter | 78 | 17% |
| Once a year | 41 | 9% |
| Not very often | 282 | 63% |
| Wait, you can change passwords? | 25 | 6% |
| Total | 446 | 100% |

5. Which of the following have you used at some point as a password? Mark all that apply.

| Answer | Responses | Percent |
| --- | --- | --- |
| Your middle name | 23 | 5% |
| Your birthday | 38 | 9% |
| Your pet's name | 45 | 10% |
| 123456 (or variation thereof, like 12345 or 1234567) | 22 | 5% |
| "Password" | 14 | 3% |
| Obama (or variation thereof, like BHO, Barrack, etc.) | 2 | 0% |
| None of the above | 322 | 72% |
| Other, please specify | 41 | 9% |

6. How do you remember your passwords? Mark all that apply.

| Answer | Responses | Percent |
| --- | --- | --- |
| My browser keeps track of my password | 101 | 23% |
| Post-it note or typed list near my computer | 33 | 7% |
| Word document on my computer | 47 | 11% |
| Memory | 263 | 59% |
| Password management software | 145 | 33% |
| Other, please specify | 49 | 11% |

7. Who have you given your password to in the past? Mark all that apply.

| Answer | Responses | Percent |
| --- | --- | --- |
| Co-worker | 34 | 8% |
| Boss | 22 | 5% |
| Spouse | 115 | 26% |
| System admin | 52 | 12% |
| A friend | 46 | 10% |
| None of the above | 254 | 57% |
| Other, please specify | 21 | 5% |

8. Windows 7 has a robust password management system that can be set up to make you change your password on a regular basis and won't let you use a password you have recently used. Is this a good thing?

| Answer | Responses | Percent |
| --- | --- | --- |
| Yes, that will make things more secure for me. | 157 | 35% |
| Maybe, but I hope it isn't too often. | 179 | 40% |
| I would prefer not to change my passwords. | 110 | 25% |
| Total | 446 | 100% |

9. What operating system(s) are you currently using? Mark all that apply.

| Answer | Responses | Percent |
| --- | --- | --- |
| Windows 7 | 196 | 44% |
| Vista | 174 | 39% |
| XP | 274 | 61% |
| MacOS | 76 | 17% |
| Linux | 86 | 19% |
| Other, please specify | 11 | 2% |