Simple passwords are putting companies at risk, according to a new survey unveiled at the Infosec Europe 2006 show in London.
A poll of more than 500 business PC users conducted by Sophos has revealed that only 14 percent use a different password for every website. Another 41 percent admitted to using the same password all the time, and 45 percent admitted that they had a small handful of different passwords to choose from.
"It is madness to use the same password for accessing a website which tells you the football results, as the one which gives you access to your online bank account," said Graham Cluley, senior technology consultant for Sophos. "If hackers manage to steal your password, and you use the same password for all websites, then it's giving them an open invitation to steal your identity and leave you with a large hole in your virtual wallet."
A further 500-strong poll, which asked system administrators whether their users chose weak, easy-to-crack passwords, found that nearly three quarters of employees are falling into this trap.
"Company defenses are only as strong as the weakest link in the chain - which can often be the users. If users decide to make their password the name of their girlfriend, favorite football team or pet goldfish, then they are risking business data. Similarly, they need to be educated not to choose dictionary words which are easy for a hacking program to crack," said Cluley.
"Cyber criminals are becoming increasingly canny at finding ways of exploiting vulnerable users and pilfering funds. By ignoring, or not realizing how easily fraudsters can crack weak passwords, some employees are practically handing their private information over on a plate. Users must be vigilant in choosing multiple, unpredictable passwords to ensure the security of business networks and personal data," said Cluley.