Infosecurity

Using same password poses major security risk: Sophos

By Robin Hicks | 12 March 2009

The tendency for internet users to use the same password for different web sites poses a major security risk to public and private sector organisations, according to a survey conducted by IT security firm Sophos.

View photos

Related Articles

• Social media security risks exposed
• Singapore launches public transport security portal for youths
• Singapore: dirty bomb poses major threat

Related Categories

• INFOSECURITY

From this Section

• NEWS

One third of respondents said they used the same password for multiple web sites, while only 19 per cent said they never use the same password.

Paul Ducklin, the head of technology for Sophos Asia Pacific, said the problem poses a risk to peoples’ employers as well as themselves, partly because of an increase in flexible work hours.

“It is increasingly rare for people to be online only at work,” said Ducklin. “People often forward work to their web-based email accounts to do at home. The risk is that the good habits formed at work are not being taken home.”

Ducklin suggested that organisations forbid users to use their own passwords, and enforce the use of tokens that operate independently of the computer they’re working on. Tokens, which are already widely used in the banking industry, contain passwords that change regularly.

The Sophos survey follows a number of recent cyber attacks where hackers have bypassed password security to gain entry to web mail and social networking sites.