Irish pretty good with password security – survey

3 Jun 2011

Irish internet users’ passwords are more secure than the global average, according to new research.

Starting from the basis that the most widely used passwords in the world are ‘123456’ and ‘password’, the survey asked Irish computer users whether their passwords resemble any of a series of suggested options, ranging from basic to more complex types that are more difficult for cyber criminals to guess or detect.

Almost two in five people in Ireland (38pc) have passwords combining letters and numbers for their email, such as ‘jimmy34’ or ‘ron45xyz’. One in five people use complex passwords that are harder to crack because they include lowercase and uppercase letters, as well as numbers and punctuation marks. This was split evenly between people who use passwords like ‘Roisin75’ and those who use ones like ‘MoCon-07’.

Invented words are popular with 11pc of email users. The survey suggested examples like lianwer, gianron or cavoveti. These kinds of passwords were most popular among women, people under 25 and people living in Leinster. One in 20 respondents use longer expressions; the survey suggested phrases like ‘Don’tforgettocallmother’, or ‘ican’tbebeaten’.

However, the research also found that more than one-fifth of Irish internet users (21pc) still use simple passwords, a figure that increases for people in Connacht and Ulster, and among 35-44-year-olds.

The survey was carried out by market researcher Amárach on behalf of the security software provider ESET Ireland. A varied, nationally representative target audience of 1,000 people were polled, comprising 850 online responses and 150 answers from face-to-face interviews.

In a statement commenting on the survey, ESET Ireland’s cyber crime analyst Urban Schrott said despite the generally positive result, people can’t afford to be complacent.

“Cyber criminals want our passwords. They can hack into our email, our social networks, then steal our identity and mail our friends or institutions with financial scams in our name, which could even get us in trouble. They try to get into our PayPal, eBay and Amazon accounts, into other online shopping sites, even our online banking – to steal our money. All these use a password and if it is weak, then our accounts are vulnerable,” Schrott said.

How to make passwords more secure

ESET gave tips for people who want to make their passwords more secure: to use letters, numbers and punctuation in a password and not to rely on combinations like a name, date of birth, or a word that could be easily guessed from looking at someone’s Facebook profile. Invented or deliberately misspelled words are also better than real ones for passwords, and using the same password on multiple sites or computers is not advised. Lastly, passwords should be changed regularly.

That might be setting the bar high for many people, especially anyone who finds computers intimidating. Prof Fred Piper, a security and cryptography expert of 30 years’ standing, warned that imposing stringent password rules on people often backfires and results in less security. Speaking at the ISSA Ireland annual conference last month, he said: “I see an awful lot of policies where it is impossible for employees to stick to the rules … if you have a password policy which says ‘use uppercase, lowercase and symbols and it must be 14 characters long, you get a policy that nobody can adhere to.”

Gordon Smith was a contributor to Silicon Republic