WASHINGTON
The requests cascade in: Reset your password. Update your anti-virus program. If, as a computer user, such digital demands irritate you, you may have computer “security fatigue.”
It’s an actual phenomenon, studied by behavioral scientists and computer security experts. It happens when users get bombarded with security warnings and demands for compliance. As a result, the studies show, three-quarters of computer users know how to make strong passwords but don’t practice what they know. It just seems too overwhelming.
After all, average users have dozens of accounts that require logins and passwords.
“We’ve been coming to realize that we’ve been asking people unreasonable things in terms of passwords,” said Dr. Lujo Bauer of the school of electrical and computer engineering at Carnegie Mellon University in Pittsburgh.
“It’s not possible to create 100 strong passwords that are unique and actually remember them. It’s even worse if we have to periodically change them,” he added.
A new government study titled “Security Fatigue” argues that users feel it’s gotten too hard to maintain adequate security, so they’ve grown careless. Security may be getting worse.
“Users are tired of being overwhelmed by the need to be constantly on alert, tired of all the measures they are asked to adopt to keep themselves safe, and tired of trying to understand the ins and outs of online security,” warned the study by the National Institute of Standards and Technology, a unit of the Commerce Department.
And, hey, it’s not just average users. Think Silicon Valley tech honchos. Some of them just reuse the same simple password for multiple sites, a big no-no for computer security.
How else did Mark Zuckerberg have his Twitter and Pinterest accounts hacked last June? His password for both accounts was “dadada,” according to the hackers. Then there was Hillary Clinton campaign Chairman John Podesta, who this week had his Twitter account, his iPhone and his iPad hacked because he apparently used the same password for his Apple ID and Twitter.
Concern about online security grows apace with the frequency and volume of hacks of retailers, banks, social media and other sites that let vast numbers of passwords fall into the hands of hackers. So far in 2016, more than 500 million passwords have been leaked, according to a new study from LastPass, a password manager product from Logmein.com, a Boston-based software and cloud management company.
“What you hear about is just the tip of the iceberg. People don’t even know that they’ve been hacked,” said Joe Siegrist, vice president of LastPass.
“It’s probable that everybody in the United States has lost a password or had one stolen, and they don’t even know about it,” Bauer said.
Problem is, if you reuse the password and it got swiped from LinkedIn or Ashley Madison or some other site that was hacked in the past year or so, maybe your bank account or social media account is at risk, experts said.
LastPass arranged a survey of 2,000 adults in the United States and five other developed countries to explore their password habits, and found that 91 percent know there is a risk to reusing passwords but 61 percent continue to do so.
Full Article. Why asking you to change your password makes it easier to hack the system