Consumer Reports Survey: 75 Percent of Americans Don’t Use the Strongest Kind of Passwords for Their Most Sensitive Accounts
People who use the same password for many accounts take a big risk
YONKERS, NY — Strong passwords should contain at least eight characters and have a combination of upper and lowercase letters, a numeral and a special character. According to Consumer Reports’ new survey, three-quarters of Americans don’t protect their most sensitive accounts with a strong enough password, leaving them vulnerable to attacks by hackers. The full findings can be found in the January 2012 issue of Consumer Reports and online at www.ConsumerReports.org.
Consumer Reports national survey of 1,000 adults also uncovered other ways consumers are putting their personal information at risk:
Thirty-two percent of respondents used a personal reference in their passwords.
Twenty-nine percent store passwords on a list they carry with them, near their computer, or in an insecure file on their tablet or mobile device; the same percentage also use passwords on their most sensitive accounts that are too short – with seven or fewer characters.
Almost 20 percent used the same password for more than five accounts.
Five Ways to Protect Passwords
To protect online accounts, Consumer Reports advises consumers to follow the password-protection measures below:
Don’t use the same one twice. Use a different password for each sensitive website like banking, online shopping, and social networks. If a hacker obtains a password you use from one site, he’ll have access to your other accounts. To make passwords easier to remember, it’s fine to use a similar character pattern from site to site, varying part of it in a way that’s intuitive to you but not obvious to anyone else.
Make passwords strong. Create a password that contains a minimum of eight characters. Include an uppercase and a lower case letter, plus a digit and a special character.
Avoid the obvious. Hackers have extensive dictionaries of widely used passwords. When composing a password, don’t use common words, names or facts that someone can easily guess or find out. Avoid predictable patterns, such as starting with an uppercase letter.
Keep passwords safe and up-to-date. Don’t write down full passwords, but, if you must, keep them under lock and key. Don’t give passwords to anyone over the phone, via e-mail, or through a social network. Consider replacing old passwords with stronger ones; they may once have been strong enough but may now be too weak for today’s hackers.
Secure computers and browsers. Keyloggers and other malware are a real risk, especially on publicly accessible computers. Keep operating systems and major applications up-to-date. Run an effective security software suite that automatically updates itself. When browsing a password-protected website, look for “https” in the site’s address. Sign into accounts by typing the URL into the browser, not by clicking on a link in an email; it could take you to a fake site.
The full report, “Hack-proof your passwords,” also features insight and advice from computer security experts and gives tips on creating a strong password that’s easy to remember. The article can be found in the January 2012 issue of Consumer Reports and online at www.ConsumerReports.org.
Consumer Reports is the world’s largest independent product-testing organization. Using its more than 50 labs, auto test center, and survey research center, the nonprofit rates thousands of products and services annually. Founded in 1936, Consumer Reports has over 8 million subscribers to its magazine, website and other publications. Its advocacy division, Consumers Union, works for health reform, product safety, financial reform, and other consumer issues in Washington, D.C., the states, and in the marketplace.