One (Weak) Password Is All Many Users Have, No Matter How Many Strong Ones They Need: Sophos

A new Sophos password survey shows some improvement in the number of computer users depending on one, generally weak, password for multiple sites and purposes. Only a third or so of respondents admitted to using the same password for multiple sites. Only a third!

Keith Ferrell, Contributor

March 11, 2009


The Sophos survey of password practices found that while 48% of the (unscientific, by Sophos's admission) survey respondents said they use multiple unique passwords at least some of the time, only 19% said that multiple passwords -- a unique password for each site requiring password access -- was constant practice.

Fully a third of the participants copped to using the same password for every site.

Care to bet how strong those passwords are? Neither would I, but you can bet, safely, that the cybercrooks know just how weak many if not most of those passwords are, and are counting on it.

The makers of the Conficker worm, in fact, built in a list of 200 commonly used passwords that their creation uses to test -- and bypass! -- system defenses. Here's a sampling:

admin admin1 admin123
