Only Five Percent of Users Have Non-Letter Characters in Their Password

A survey conducted by antivirus vendor BitDefender revealed that only five percent of people use digits or special characters in their passwords and that sixty percent use single-case-only access codes.

The conclusions are the result of a questionnaire taken by 1,000 random individuals, half men, half women, from 16 countries, with an average age of 29.5 years.

The questions attempted to determine passwords strength and habits and were individually explained to respondents in a live interview.

Results revealed that 67% of users have more than five password-protected online accounts, with one in four having six accounts and almost one in three having seven or more.

Meanwhile, 73% of respondents said that they reuse the same password, a bad habit that security experts have tried to change for years.

The practice poses serious problems, since some accounts hold more value than others. For example, an online banking account is clearly more sensitive than a social networking one.

With password reuse, if one account gets compromised, all of them are fair game. In July, we reported how Turkish hackers broke into the PayPal accounts of Israelis, whose usernames and passwords were stolen from an insecure Pizza Hut website.

Furthermore, one in four respondents said that their password was six characters long. This, combined with the fact that 63% of them only use single-case alphabetic characters, means that a large percentage of passwords are trivial to crack via brute force.

And to top it all off, BitDefender also claims that 12% of the respondents showed a willingness to disclose their password to the surveyors, in order to recieve advice about its strength.

Most websites recommend eight-character passwords, but security experts note that with recent hardware-accelerated attacks, this password length is no longer suitable.

People tend to choose easy to remember words for passwords, however, the best approach is to use a passphrase composed of multiple words.

For example, the password $IwasborninMichiganin1963$ is meaningful, easy to remember, has 26 characters, contains upper-case and lower-case letters and has both digits and special characters.