BreachExchange mailing list archives

Study: We've Got More Clean Underwear than Passwords


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 2 Dec 2015 17:05:23 -0600

http://www.tomsguide.com/us/kaspersky-underwear-passwords,news-21854.html

Most people are taught from a young age to keep a robust supply of clean
underwear and to frequently change the pair they're wearing, but it appears
that few of us practice that same habit regarding passwords.

According to a new survey, 4 out of 5 people in certain European countries
claim to have more pairs of underpants than they do unique passwords, which
points either to rampant recycling of passwords or to colossal collections
of underpants.

The survey,
<https://underwear.kaspersky.com/IFOP_Kaspersky_PALU_Survey_Results_ENG.pdf>
commissioned by the London public-relations firm Hotwire on behalf of
Russian antivirus firm Kaspersky Lab and titled "The compared perceptions
of passwords and underwear," also found that 74 percent of respondents
would feel more exposed leaving the house sans underwear than if their
personal data were stored without password protection (26 percent).

The survey was conducted by the French public polling group Ifop and
questioned more than 7,000 Europeans spread roughly evenly across France,
Germany, the United Kingdom, Spain, Italy, the Netherlands and Denmark.
Survey questions revolved around how users felt about their passwords and
their undergarments, to see which had a greater priority in day-to-day
life.

A separate, non-scientific study
<https://press.kaspersky.com/files/2015/09/Cyber_savvy_quiz_report.pdf>
conducted online by Kaspersky Lab queried more than 18,000 people worldwide
through a quiz regarding Internet security (you can take it yourself here
<https://blog.kaspersky.com/cyber-savvy-quiz/>). In that study, 1 in 7
respondents said they used the same password for each and every online
account they had. That's a terrible idea -- if a frequently reused password
is guessed, stolen or leaked in a data breach, the other accounts for which
it is used are as good as unprotected.

David Emm, principal security researcher at Kaspersky Lab, said in a
statement that such sloppy security stems from both a lack of education
about best security practices and a preference towards convenience.

"Unfortunately, many people don't have a very good understanding of the
scale of Internet threats and are not serious enough about protecting their
personal data online, significantly increasing the risk of losing it," Emm
said.

The Ifop survey revealed that we, or at least residents of western Europe,
change our undies much more frequently than we do our passwords.
Respondents who claimed to change their passwords every three months were
in the clear minority (35.9 percent), compared with the stark majority (87.1
percent) that claimed to change their underwear on a daily basis. For what
it's worth, Danish respondents claimed to change their undergarments the
least frequently, with only 84 percent saying they swapped out their
skivvies every day.

In a company blog posting, Kaspersky's Kate Kochetkova commented on both
studies, and offered three pieces of advice. The first two are that users
should create passwords using complex strings of characters that don't
contain words commonly found in dictionaries, and that users should not
share passwords with anyone else. Over half (55.7 percent) of those
surveyed in the Ifop report claimed they never had and would never share
their passwords with close relatives, while even more (73.7 percent) said
they had not and would never share their undies with a relative.

Kochetkova also endorsed the use of password-management software, such as
Kaspersky Password Manager. This is valid advice in theory, as password
managers provide convenience and a means of organizing dozens, even
hundreds, of passwords, which limits the impact if a password is
compromised in a data breach.

But putting all of your security eggs into one basket also creates risk.
Your master password, which unlocks the rest of the passwords, could be
forgotten or stolen. And as we've recently
<http://www.tomsguide.com/us/hacker-tool-keepass,news-21782.html>
<http://www.tomsguide.com/us/lastpass-security-flaws,news-21826.html> seen,
password-manager programs themselves can be hacked. Using a password
manager creates both a single point of failure and a big fat target for
malware and identity thieves; it's certainly a better practice than using a
single password for all accounts, but it might not be better than writing
all your passwords down on a piece of paper that you keep in a safe.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
