By Sarah Coles, Aug 30, 2016; Updated: Aug 30th 2016 01:13 PM
Xoomworks has warned that when people relax and clear their heads over the summer holidays, many of them clear a little too much and forget their passwords. A quarter of people have forgotten a password after a holiday at some point in the past three years. That means that when they return, they have to change all their passwords, both at work and at home, and this is where security issues creep in.
The security boffins interviewed people about their password-resetting habits and discovered that when people are trying to get back into the swing of things, they resent the inconvenience of having to reset a password. They have to jump through so many hoops to get the job done that, by the time they reach the point of entering a new one, they have neither the time nor the energy to come up with something clever.
To make matters worse, they are acutely aware that clever passwords are hard to remember, so 77% of them pick something that’s ‘significantly easier to remember’.
The company also discovered that 80% of people stick to the same memorable word or phrase for their password each time. They simply change one letter or digit of it each time they are asked to create a new password. On their return from holiday they remember the stock word but forget the most recent modification, so they are more likely to revert to the unmodified word or phrase when they reset it.
This dramatically increases the chance that the password they pick is easy to guess.
This reflects research by GCHQ, released in May. They said then that when people change their passwords: “The chances are that the new password will be similar to the old one. Attackers can exploit this weakness. The new password may have been used elsewhere, and attackers can exploit this too.”
“The new password is also more likely to be written down, which represents another vulnerability. New passwords are also more likely to be forgotten, and this carries the productivity costs of users being locked out of their accounts, and service desks having to reset passwords.”
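As an added illustration of the weakness GCHQ describes (this is example code, not from the article, Xoomworks or GCHQ), the following password-change check rejects a new password that is the old memorable word with different decoration, or that lies within a small number of edits of the old one. The edit-distance threshold and the leet-substitution table are assumptions for the example, not a published policy.

```python
# Characters people commonly substitute for letters when "changing" a password.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})
# Decoration typically bolted onto the ends of a memorable word.
DECORATION = "0123456789!@#$%^&*()_-+=.,;:'\"?/\\ "
MAX_EDIT_DISTANCE = 2  # assumed policy threshold


def stem(password: str) -> str:
    """Reduce a password to the memorable word underneath its decoration."""
    core = password.lower().strip(DECORATION)
    return core.translate(LEET_MAP)


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_change(old: str, new: str):
    """Return (accepted, reason) for a proposed password change."""
    if new.lower() == old.lower():
        return False, "new password is the old one"
    old_stem, new_stem = stem(old), stem(new)
    # Same underlying word, only the trailing digit or a leet swap differs.
    if old_stem and new_stem and (old_stem in new_stem or new_stem in old_stem):
        return False, f"same memorable word ({old_stem!r}) with new decoration"
    if levenshtein(old.lower(), new.lower()) <= MAX_EDIT_DISTANCE:
        return False, "too few edits from the old password"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample changes: the first three follow the habits described above.
    for old, new in [("Summer2015", "Summer2016"), ("Summer2016", "Summ3r!17"),
                     ("Summer2016", "summer"), ("Summer2016", "1HF30TFB")]:
        print(old, "->", new, check_change(old, new))
```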
Instead of using the same word each time, your best bet is to take a phrase and use the first letter of each word in it, changing any letters that look like numbers, so that ‘I had fried eggs on toast for breakfast’ becomes 1HF30TFB.
You can then keep a note handy that jogs your memory, like ‘breakfast’ or ‘eggs’, which won’t help a hacker but will let you have a very different password for everything without forgetting any of them.
If you insist on having a memorable word, or chain of letters, then at least keep clear of the most common ones: 123456, 123456789, password, 101 and 12345678.