Skip to content. | Skip to navigation

Sections

Personal tools

You are here: Home → wikidblog → Password surveys again

Recent entries: Two-factor for the cloud admin Aug 15, 2008; Debunking "Two-Factor Authentication Debunked by TSB Phish" admin Jul 02, 2008; New Howtoforge article - Postgresql admin Jul 02, 2008; World of Warcraft gets two-factor authentication - your bank won't follow admin Jul 01, 2008; Podwójne uwierzytelnianie admin Jun 10, 2008

Recent comments: Re:Security and Oil admin Apr 25, 2008; Re:Security and Oil Paul feet Apr 24, 2008; Re:100% open source admin Apr 22, 2008; Re:100% open source Adam Apr 22, 2008; Re:Capital Gains Tax Rates and Entrepreneurs Lance Oct 23, 2007

2005/05/09

Password surveys again

Both RSA and Versign have done sponsored surveys on password usage and abusage by users. The first one - where they offered candy bars for passwords, was funny, but it is increasingly clear that these surveys are more about getting press than being scientific. Here are some hightlights from Verisign's survey:

Two out three three people (180 of 272) approached in a downtown San Francisco street by researchers were happy to provide their password in exchange for a coffee gift card.

57 per cent reported having four or more passwords

79 per cent reported using the same password for multiple websites or applications

I think that most people assume that just having the password isn't enough to get access. I wonder if the surveyors also asked the people where they worked and their name. I also wonder if they gave their actual password, or just lied. I wonder how many people would be willing to give up the ATM PIN for a candy bar?

Interestingly, unlike WiKID Strong Authentication neither Verisign's nor RSA's token systems can handle multiple websites or applications without some type of federated identity.

Survey results can all be seen at the reg: http://www.theregister.co.uk/2005/05/06/verisign_password_survey/

Category(s): Strong Authentication; Two Factor Authentication

The URL to Trackback this entry is:: http://www.wikidsystems.com/WiKIDBlog/32/tbping

Add comment

You can add a comment by filling out the form below. Plain text formatting. Comments and Trackbacks are moderated.

Author (Required)

EMail (Required)

URL

Title (Required)

Comment (Required)

Remember your information on cookie?

Verification Code

This helps us prevent automated spamming.

Captcha Image

Categories: Security and Economics (78); Two Factor Authentication (126); Authentication Attacks (52); Phishing and Fraud (86); Miscellaneous (90); WiKID (62); Information Security (64); Strong Authentication (24); Open Source (32); Mutual Authentication (38); Transaction Authentication (11); Wireless, cellular, mobile devices (6); PCI (23)

Feeds and Bookmarks: Digg this!; Del.ico.us; Google; Yahoo bookmarks; Reddit; Spurl; Simpy

Start using WiKID today

Recent Changes: Two-factor for the cloud Aug 15, 2008; Installation Documentation Aug 15, 2008; How to install the WiKID Enterprise RPMs Aug 15, 2008; How to install the WiKID Strong Authentication Server - Enterprise Edition - Page 2 Jul 25, 2008; WiKID Quickstart Installation Cheatsheet - Version 3.x Jul 25, 2008; All recent changes…

Got Questions? Get Answers.