Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, are strongly
urging companies to educate their employees on the importance of
choosing unique and multiple passwords to thwart the onslaught of
cyber criminal activity in the workplace.
A web poll of more than 500 business PC users*, conducted by
Sophos, has revealed that only 14% use a different password for
every website they access. A worrying 41% admitted to using the
same password all the time, and 45% admitted that they had a small
handful of different passwords to choose from.
Do you use the same password for multiple
|Yes, all the time
|I have a few different
"It is madness to use the same password for accessing a website
which tells you the football results, as the one which gives you
access to your online bank account," said Graham Cluley, senior
technology consultant for Sophos. "If hackers manage to steal your
password, and you use the same password for all websites, then it's
giving them an open invitation to steal your identity and leave you
with a large hole in your virtual wallet."
A further 500 strong poll asking system administrators if their
users chose weak, easy-to-crack passwords, divulges that nearly
three quarters of employees are falling into this trap.
Do your company's users choose weak
"Company defenses are only as strong as the weakest link in the
chain - which can often be the users. If users decide to make their
password the name of their girlfriend, favourite football team, or
pet goldfish then they are risking business data. Similarly, they
need to be educated not to choose dictionary words which are easy
for a hacking program to crack," continued Cluley. "Cyber criminals
are becoming increasingly canny at finding ways of exploiting
vulnerable users and pilfering funds. By ignoring, or not realising
how easily fraudsters can crack weak passwords, some employees are
practically handing their private information over on a plate.
Users must be vigilant in choosing multiple, unpredictable
passwords to ensure the security of business networks and personal
Sophos continues to recommend companies protect their desktops
and servers with automatically updated anti-virus protection, and
educate their employees on safe computing, including the intelligent
use of passwords.
* Sophos web poll, 533 respondents, April 2006
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.