Users suck at secure passwords. Help them.

by Kristen Wilson
September 30, 2016

How many of your users are using insecure and compromised passwords?

You have a standard password strength meter on your site so you may think that your users have secure passwords. Think again. 

Let me throw some numbers out at you:

  • The average online user has 90 accounts (inactive, active, personal, work, daily use, one-time purchase, etc.). That is a lot of passwords to remember...
  • According to an Ofcom poll, 55% of users over 16 used the same password for most, if not all, websites. How many of your users are within that 55%? Probably more than you would like to admit...
  • Over the past few months, we have collected over 1.4 billion compromised passwords that are publicly available. And that is just the tip of the iceberg.

So how does this translate?

As an example: in a company with 1,000 user accounts, around 550 of those users will reuse the same password across their 90 accounts.

That is a whopping 49,500 accounts sharing a password! Chances are pretty high that some of those accounts have already been exposed.

Hackers love that 55% because if there is a data breach on one site, they can use the same credentials to gain access on other sites.

It has a nasty domino effect and can hurt organizations in various ways.

  • Customers can be charged for purchases they did not make
  • Employees could have sensitive data stolen using their own credentials
  • Malware can be installed through legitimate accounts

All sorts of shenanigans. And all because the user is unaware that they are using a known, compromised password.

The bottom line: users are often the weakest link because they are lax about their own passwords.

Password strength meters and password complexity requirements are simply not enough.

IT and Development cannot combat it alone. 

So what do you do? (besides locking customers out of their own accounts?!?)

Inform your users of compromised passwords when they set up their accounts!

Enforce the right behavior for creating a strong password on your site. PasswordPing is an easy-to-deploy enhanced password strength meter that checks for hacked passwords.
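To show why a strength meter alone is not enough, here is an added example (written for this post, not PasswordPing's product or API) that runs a typical complexity rule set and a lookup against a breached-password corpus over the same candidate password at signup. The corpus entries are constructed and the SHA-1 storage format is an assumption about how such lists are commonly distributed.

```python
import hashlib
import re

# Constructed sample of a breached-password corpus. Public dumps are often
# distributed as SHA-1 digests, so the corpus is kept that way here (assumption).
_BREACHED_PLAINTEXTS = ["P@ssw0rd123", "Summer2016!", "letmein", "qwerty123"]
BREACHED_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
                 for p in _BREACHED_PLAINTEXTS}


def passes_complexity_rules(password: str) -> bool:
    """A typical strength-meter rule set: 8+ chars with upper, lower, digit, symbol."""
    return (len(password) >= 8
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[a-z]", password) is not None
            and re.search(r"\d", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)


def is_compromised(password: str, corpus=BREACHED_SHA1) -> bool:
    """Hash the candidate and look it up; the plaintext itself is never stored or sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest in corpus


def evaluate_signup_password(password: str) -> dict:
    """Run both checks and return a result the signup form can show to the user."""
    meets_complexity = passes_complexity_rules(password)
    compromised = is_compromised(password)
    if compromised:
        message = "This password appears in a known data breach. Please choose another."
    elif not meets_complexity:
        message = "Use at least 8 characters with upper, lower, digit and symbol."
    else:
        message = "OK"
    return {
        "meets_complexity": meets_complexity,
        "compromised": compromised,
        "accepted": meets_complexity and not compromised,
        "message": message,
    }


if __name__ == "__main__":
    # "P@ssw0rd123" satisfies every complexity rule yet sits in the breach corpus.
    for candidate in ("P@ssw0rd123", "letmein", "Tr0ub4dor&3-not-in-corpus"):
        print(candidate, evaluate_signup_password(candidate))
```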

PasswordPing can help you, help them.

PasswordPing launched last week, and you can learn more at www.passwordping.com.
