A new Sophos password survey shows some improvement in the number of computer users depending on one, generally weak, password for multiple sites and purposes. Only a third or so of respondents admitted to using the same password for multiple sites. Only a third!
The Sophos survey of password practices found that while 48% of the (unscientific, by Sophos's admission) survey respondents said they use multiple unique passwords at least some of the time, only 19% said that multiple passwords -- a unique password for each site requiring password access -- was constant practice.
Fully a third of the participants copped to using the same password for every site.
Care to bet how strong those passwords are? Neither would I, but you can bet, safely, that the cybercrooks know just how weak many if not most of those passwords are, and are counting on it.
The makers of the Conficker worm, in fact, built in a list of 200 commonly used passwords that their creation uses to test -- and bypass! -- system defenses. Here's a sampling: