Most Users Haven't Changed Social Media Passwords in a Year

frogboy

About 53% of users haven’t changed their social network passwords in more than one year—with a fifth having never changed their passwords at all, according to research from Thycotic.

More than a quarter of respondents said they change their passwords at work only when the system tells them to.

The survey, conducted by the company at RSA Conference in San Francisco in February, said that this state of affairs not only shows the vulnerability of users’ accounts and the lack of standards set for social networks to implement automation and use password managers, but also a way for hackers to easily infiltrate a user’s work email. “As we know, social networks give away a lot of private information. For people to not consider changing their passwords on a regular basis on their Facebook, Twitter and LinkedIn accounts, they are easily allowing hackers to access information that will grant them access to other facets of their lives, like their work computers and email,” said Joseph Carson, chief security scientist at Thycotic. “Not only is this a huge vulnerability, but this is also a flaw within large social networks that don’t remind or make it clear and transparen[t] to the user about the age or strength of the password or best practices.”

The survey results also found a disconnect in the security industry between security professionals and their own actual security habits. Nearly 30% of security professionals have used or still use birthdays, addresses, pet names or children's names for their work passwords, Thycotic said. But about half (45%) of respondents said they believe privileged accounts accounted for at least half of the cyberattacks.

Full article: Most Users Haven't Changed Social Media Passwords in a Year
 
How many people both use easy-to-guess passwords and don't change them?
I understand not changing; it could be inconvenient, a path-of-least-resistance kind of thing. There's a reason social media don't enforce this by default. The enforcement might be something they don't think is worthwhile at all, even as an option.