Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

51% of Computer Users Share Passwords

Unknown Lamer posted about a month ago | from the rm-rf-/-of-shame dept.

Security 117

An anonymous reader writes Consumers are inadvertently leaving back doors open to attackers as they share login details and sign up for automatic log on to mobile apps and services, according to new research by Intercede. While 52% of respondents stated that security was a top priority when choosing a mobile device, 51% are putting their personal data at risk by sharing usernames and passwords with friends, family and colleagues. The research revealed that consumers are not only sharing passwords but also potentially putting their personal and sensitive information at risk by leaving themselves logged in to applications on their mobile devices, with over half of those using social media applications and email admitting that they leave themselves logged in on their mobile device.

cancel ×

117 comments

Sorry! There are no comments related to the filter you selected.

Same Divorce Rate (0)

Anonymous Coward | about a month ago | (#47712329)

No. It's THE code breaker. No more secrets...

Same Divorce Rate (0)

Anonymous Coward | about a month ago | (#47713399)

Seatec Astronomy

I do not (0)

Anonymous Coward | about a month ago | (#47712335)

I am one of the 49% percent...

Re:I do not (3, Informative)

alphatel (1450715) | about a month ago | (#47712409)

49percent

That's my password...

Re:I do not (0)

Anonymous Coward | about a month ago | (#47712821)

Oh, and change the combination on my luggage.

Re:I do not (1)

Anonymous Coward | about a month ago | (#47713543)

49percent

That's my password...

That's not your password. I tried logging in. You lied.

Logged in to email? (4, Informative)

NoImNotNineVolt (832851) | about a month ago | (#47712351)

The research revealed that consumers are not only sharing passwords but also potentially putting their personal and sensitive information at risk by leaving themselves logged in to applications on their mobile devices, with over half of those using social media applications and email admitting that they leave themselves logged in on their mobile device.

Yes, god forbid people "leave themselves logged in" to their email accounts on their mobile device. I guess we're not supposed to use push email but instead enter our email passwords into our phones every few seconds to get timely email alerts?

It's too bad that the cell network itself lacks any meaningful security mechanisms. I mean, if someone gets a hold of your phone, they can just start texting and calling without having to "log in" on the network at all. It's amazing that the world hasn't collapsed as a result.

Re:Logged in to email? (0)

Anonymous Coward | about a month ago | (#47712461)

If someone gets my phone they will be prompted to unlock the phone. By default it has pretty low security - face unlock backed by a pattern. However, when one of my family's phones go missing (which happened the other day - one was left at a store), we immediately use Android Device Manager to put a strong pass phrase on the phone, set the "call owner" number (which can be called without unlock like 911 calls), and put a "return to" message on it. You can put a code like Ph0n3L0cK3D or something - think of something stronger and less 1337. I don't see our email or other apps "left logged in" at any reasonable risk at that point. BTW, we got the phone back from the store just fine...

Re:Logged in to email? (2, Insightful)

Anonymous Coward | about a month ago | (#47712961)

No, the "thief" will just remove your SIM card and put it into their phone before calling all sorts of nefarious 1-900 numbers or otherwise charge money onto your phone-place. The GP assertion is correct that "It's too bad that the cell network itself lacks any meaningful security mechanisms."

Re:Logged in to email? (1)

clonehappy (655530) | about a month ago | (#47714393)

Because you haven't been able to set a SIM PIN since, say, SIM cards were invented, right? Just because no one uses the security mechanisms available doesn't automatically make it the cell network's fault when someone rips you off. Set a device PIN and a SIM PIN and you're all set. Takes about 10 seconds.

Re:Logged in to email? (0)

Anonymous Coward | about a month ago | (#47712489)

If you encrypt your phone it's not much of an issue. There's a short period where you can unlock without the password, but after that it requires a password be entered in order to gain access to the device. The only thing you can do without that is call 911.

passwords on the device/session level, not app (5, Insightful)

tverbeek (457094) | about a month ago | (#47712501)

Of course I leave the apps on my phone "logged in"; that's how they're supposed to work. Obviously this only makes sense if there's a password to access my phone (or on my account if the device supports them), but if not, it's the lack of password on my phone that marks me as a security-oblivious idiot, not the fact that I'm using the apps as they were designed to work.

how many websites share passwords. hmm? (0)

Anonymous Coward | about a month ago | (#47712975)

this is just more blaming the user. see credit cards.

Re:passwords on the device/session level, not app (1)

Ravaldy (2621787) | about a month ago | (#47713005)

Phones today are as important as your wallet. Losing it can result in identity theft. It's not a new issue, it's just that it's taken a new form.

As tverbeek stated, putting a password on the phone is the most logical thing to do and probably the only thing one can do.

Sharing passwords is the result of people being miss informed or not understanding what can happen. There's also a laziness component to it. At home it's one thing but at work I explain to users that sharing their password is like trusting the other users with their employment. If one employee wants to sabotage them, they can easily do it. I've seen a employee get fired over something similar.

Re:Logged in to email? (1)

Jason Levine (196982) | about a month ago | (#47712661)

Our main problem is that our cell phones are our only phones. We don't have a land line. So if we need to call 911, we need to be able to access our phones. More than that, though, we have 2 young kids and if they need to dial 911, they need to be able to pick up our phones and call 911. As it is, teaching them to swipe to open the phone, click on the phone icon, and then dial 911 can be tricky. (Compared with "pick up the land-line phone and press 911".)

If anyone knows of any app that keeps the phone locked out (so you need to enter a password to get into your apps) but which enables easy dialing of 911 (or selected people on your contact list). I'd be more than happy to hear what they are. That would be the perfect balance between securing your phone and keeping it easy for my kids to use to call 911 or relatives who live close by. (Not that those lock-screen passwords are perfectly secure, but they're better than swipe-to-unlock.)

Re:Logged in to email? (1)

tinytim (25110) | about a month ago | (#47712729)

??? Have you tried pressing the "Emergency Call" text on the lock screen?

Re:Logged in to email? (1)

Jason Levine (196982) | about a month ago | (#47713049)

There isn't any "Emergency Call" text on my lock screen. (Android 4.4.2 on a Verizon Wireless Droid RAZR HD.)

Re:Logged in to email? (1)

Chris Mattern (191822) | about a month ago | (#47713541)

My Android 4.1.2 on a Verizon DROID 4 certainly has it. It's required to be there. Look at the bottom of your lock screen (It *is* a lock screen, right? Requiring a code to unlock the phone? It's not there if your phone's not locked and you can just swipe to select the function you want).

Re:Logged in to email? (1)

Jason Levine (196982) | about a month ago | (#47714237)

Ah. I could have sworn that when I set up proper locking mechanisms on the phone that there wasn't any option to call. I just tried it again, though, and there is an "Emergency Call" text. For a test, I tried using my cell phone to call my work number and it said that this number wasn't an emergency number. My next question would be how would I specify certain emergency numbers? (This way, if my child has my phone and needs to call a relative that they know the number of, they can without having to know my unlock code and thus having full access to the phone.)

Re:Logged in to email? (3, Informative)

tlhIngan (30335) | about a month ago | (#47714771)

Ah. I could have sworn that when I set up proper locking mechanisms on the phone that there wasn't any option to call. I just tried it again, though, and there is an "Emergency Call" text. For a test, I tried using my cell phone to call my work number and it said that this number wasn't an emergency number. My next question would be how would I specify certain emergency numbers? (This way, if my child has my phone and needs to call a relative that they know the number of, they can without having to know my unlock code and thus having full access to the phone.)

You can't.

The emergency call is for calling emergency numbers. It's a small list - 911, 999, 111, 122, etc. In fact, I think on modern cellphones, you can call ANY emergency number and it'll connect you to emergency services. So in North America, if you dial 999 (Europe emergency) you will connect with 911 automatically - the phone interprets the number as emergency and basically does a emergency dial (it's a special control code so the tower will kick someone off if it needs to in order to connect you).

It's not a huge list of numbers, and it's coded into the software as it has to recognize if you're calling emergency services and to place it as a high-priority call on the network.

And no, it doesn't include your relatives number - that's not the intent. The intent is to be able to make a call to emergency services regardless of lock screen status, service status, etc. (It's how those used cellphone charities work - they collect deactivated cellphones for people so they have a way to get to emergency services).

Re:Logged in to email? (1)

Chris Mattern (191822) | about a month ago | (#47714997)

You can't.

This isn't necessarily universal, as it's not required like 911 access, but you can certainly do it on my phone. Go into "People", select "In case of emergency" (it's big and bold at top) and you can select contacts from your contact list to be emergency contacts. These can then be called from the lock screen with the "Emergency contacts" button.

Re:Logged in to email? (1)

shadowrat (1069614) | about a month ago | (#47712731)

If anyone knows of any app that keeps the phone locked out (so you need to enter a password to get into your apps) but which enables easy dialing of 911 (or selected people on your contact list). I'd be more than happy to hear what they are. That would be the perfect balance between securing your phone and keeping it easy for my kids to use to call 911 or relatives who live close by. (Not that those lock-screen passwords are perfectly secure, but they're better than swipe-to-unlock.)

yes. it's called iPhone. there is an option to make an emergency call from the lock screen. I'm pretty sure the same thing exists on most android and windows phones.

Re:Logged in to email? (3, Informative)

jandrese (485) | about a month ago | (#47712783)

It is actually required by law to be there. All phones must be capable of making an emergency call without being unlocked.

Re:Logged in to email? (1)

Jason Levine (196982) | about a month ago | (#47713329)

It would really surprise me if the phone was required by law to be able to make emergency calls while locked since my Android phone doesn't seem to have this feature.

Re:Logged in to email? (2)

Chris Mattern (191822) | about a month ago | (#47713479)

It would really surprise me if your Android phone *doesn't* have this feature, because it *is* required by law. Mine certainly has it.

Re:Logged in to email? (2)

Frobnicator (565869) | about a month ago | (#47713977)

It would really surprise me if your Android phone *doesn't* have this feature, because it *is* required by law. Mine certainly has it.

This is one of those funny cases were people accidentally out themselves as not securing their phone.

The phones legally must display it in most countries, but only if the phone is locked or password protected. If there is no password required to get in, just a "swipe to unlock" rather than a security system, the button does not appear.

Lack of emergency call button == unsecured smart phone.

(Or a fairly old phone, or a hacked phone that breaks the law in many nations.)

Re:Logged in to email? (1)

Jason Levine (196982) | about a month ago | (#47714259)

I just tried setting up an actual lock screen (with a password) and sure enough there is an "Emergency Call" item now. (I could have sworn I had tried this in the past and hadn't seen one, but it's possible I overlooked it somehow.) For a test, I tried using my cell phone to call my work number and it said that this number wasn't an emergency number. My next question would be how would I specify certain allowed emergency numbers? (Beyond 911, obviously.) This way, if my child has my phone and needs to call a relative that they know the number of, they can without having to know my unlock code and thus having full access to the phone.

Re:Logged in to email? (0)

Anonymous Coward | about a month ago | (#47715499)

Open up your contacts app, open up settings, and find the section with "caller groups" - Favorites, Friends, Family, etc. are typical - and one of them should be called ICE (in case of emergency) contacts. Pretty self explanatory at that point

Re:Logged in to email? (0)

Anonymous Coward | about a month ago | (#47712789)

You can call 911 without unlocking the phone...even on older smartphones.

Re:Logged in to email? (1)

nedlohs (1335013) | about a month ago | (#47712831)

Don't they all do that already - at least the 911 part. Every cell phone I've ever owned of the dumb and smart variety have all allowed calling 911 while locked. I'm pretty sure it's a legal requirement that they call 911 when they are locked and when they have no sim card.

On my samsung you can add numbers to the emergency contact group and they'll be callable from the emergency call button that shows up on the lock screen as well as 911. Given it's a samsung there is a 0% chance that they didn't copy that from elsewhere and hence iphone's must do the same thing (and probably all the other smart phones too).

In fact people keep complaining about it - apparently it's easier to butt dial 911 when the phone is locked then when it isn't :)

Re:Logged in to email? (1)

Jason Levine (196982) | about a month ago | (#47713301)

I've been checking on my phone (Motorola Droid RAZR HD with Android 4.4.2 on Verizon Wireless) and can't find any Emergency Contacts feature. There's an "Owner Info" section where I can put text on the home screen, but that's limited in function. Would be best as a "If found, please call 555-1212" text, not as a "Click this to call 911 or selected contacts."

Re:Logged in to email? (1)

ColdWetDog (752185) | about a month ago | (#47712897)

I know this is all retro and stuff, but land lines aren't dangerous or particularly expensive. Mine comes with my Internet connection, YMMV.

And, although emergencies are fortunately rather rare, I would prefer to depend on my land line than my AT&T-we-might-complete-this-call-if-we're-having-a-good-day cell phone.

Re:Logged in to email? (1)

Jason Levine (196982) | about a month ago | (#47713195)

We ditched our landline years ago to save money. It was costing us way too much a month for the landline when we were almost never using it. We first switched our landline number to a dedicated mobile phone since it was cheaper than an actual landline. Then, we moved that to a Google Voice account ($40 one time fee). The first week of our going cell-only, my youngest son had a febrile seizure (one of many he's had) and we called 911 with our cell phones. The 911 call went flawlessly and they arrived just as rapidly as they had when we had a landline.

Re:Logged in to email? (1)

Cro Magnon (467622) | about a month ago | (#47715479)

Reputation aside, I seldom have any trouble with non-emergency calls from my AT&T iPhone, and the landline is only useful if you're at home, preferably in the same room as the phone.

I definitely share password with family (4, Insightful)

mccalli (323026) | about a month ago | (#47712363)

Specifically, with my wife. If I'm ever in the proverbial hit-by-a-bus scenario, there are accounts she will definitely need to know and access.

Whilst technically correct that this increases risk of the password being revealed, it is an absolute necessary of an overall risk reduction strategy for online accounts (cancelling bills etc.).

Re:I definitely share password with family (2)

Chris Mattern (191822) | about a month ago | (#47712437)

The *right* way to cover the "hit-by-a-bus" scenario is to put all your passwords into an encrypted repository, and only give your wife the password to the repository. Ideally, the repository should then be placed in a safety deposit box that can't be accessed outside of the hit-by-a-bus scenario, but that would admittedly be an extra expense and arguably overkill.

Re:I definitely share password with family (5, Funny)

makq (3730933) | about a month ago | (#47712477)

I assume your wife is not a bus driver, right? If so, your password repo might give her extra incentive.

Re:I definitely share password with family (1)

i kan reed (749298) | about a month ago | (#47712515)

It's better than the messy divorce scenario, I guess.

I guess I've found that there aren't any accounts anyone needs access to(by means of password) other than netflix. So... my girlfriend has my netflix password.

Re:I definitely share password with family (1)

DERoss (1919496) | about a month ago | (#47712547)

I did the same. My Web user IDs and passwords are in an envelope in my bank's safe deposit box as well as in a strongly encrypted file on my PC. The encryption key exists only in my head and in that envelope.

But for some non-Internet files (e.g., complete PC backups, tax returns from prior years), the files are encrypted via PGP. Decrypting them requires a passphrase (longer than a password, with embedded blanks and punctuation); some require my PGP private key. The envelope in the safe deposit box contains the passphrase on paper and the private key on a floppy, on a CD, and on paper. Otherwise, the passphrase exists only in my head. (My PGP public key is indeed public and is found on a number of key servers around the world.)

When my wife's cousin died, his widow could not access anything on his PC. I hope my wife does not have that problem.

Re:I definitely share password with family (2)

nbauman (624611) | about a month ago | (#47713597)

Ideally, the repository should then be placed in a safety deposit box that can't be accessed outside of the hit-by-a-bus scenario, but that would admittedly be an extra expense and arguably overkill.

The problem with a safe deposit box is:

(1) The survivor needs to be authorized to access the safe deposit box after death, and then needs a death certificate. http://www.ehow.com/how_579095... [ehow.com] You're letting the bank decide who gets access to your passwords.

(2) Anybody with a judge's order can also access the safe deposit box, even if the owner isn't dead. So a safe deposit box isn't a good place to keep your Swiss bank account passbook, or anything else you don't want the government or the adverse party in a lawsuit to get.

Re:I definitely share password with family (1)

DERoss (1919496) | about a month ago | (#47714639)

Problem #1 is NOT a problem in California. A safe deposit box at a bank is not sealed when one of the owners dies. Those who are on the signature card to open a safe deposit box retain full access after one of them dies.

In my case, the box is part of a bank account that is owned by a living trust that is part of my wife's and my estate plan. For continuity, our trust requires that there always be two trustees; and our heirs are excluded from being trustees to prevent conflict among them. Nevertheless, our son was on the signature card for the safe deposit box; the bank allows existing signers to add anyone to the card. When he died, the bank required a new signature card without his name on it. We then added our daughter to the card. If either my wife or I die, the trustee-in-waiting named in the trust document becomes the second trustee. She will then be added to the signature card. In the meantime, the bank does not block any access to the box by anyone on the current signature card when one of them dies.

For problem #2, I do not disclose at which bank -- let alone at which bank branch -- our safe deposit box is located. I definitely do not disclose the box number. If a court order was issued to access the box, it would have to be served on me for me to locate the box. At that point, I would have the opportunity to go back to court to challenge the order. Anyway, there is nothing on our box that represents criminal activity. A civil lawsuit that would require the other party to access my box might involve an improper "fishing expedition" since the other party would not have any prior knowledge of the box's contents.

Re:I definitely share password with family (1)

callahan2211 (1963904) | about a month ago | (#47712493)

I used to use the hit-by-a-bus scenario, but now I use the slightly modified but more favorable hit-by-a-beer-truck scenario. ;-)

Re:I definitely share password with family (0)

Anonymous Coward | about a month ago | (#47712499)

And in the case of a spouse it's a necessity in keeping your marriage.

Re:I definitely share password with family (0)

Anonymous Coward | about a month ago | (#47712579)

Another scenario is sharing your password with someone you trust to fix a problem. But these guys scream "personal data at risk!!!1!", they don't see the overall expected value benefit. They might as well say that 75% of people drive cars, which puts their life at risk.

Re:I definitely share password with family (1)

s.petry (762400) | about a month ago | (#47712807)

No and No again.

Even if you trust someone to fix a problem, why would you trust them with your password? Set a temporary password so they can fix something, then change it back when they are done fixing. I have no idea why you would give someone the temptation, especially when there are simple safe alternatives.

No, it's not the same thing as just driving a car or having risks while driving a car.

If you want a "proper" car analogy...

Your friend needs to borrow your car. Would you make your friend a copy of your keys or give them the spares without the expectation that you get the keys back? No! You would give them your keys and expect that both the keys and car are returned later.

Sure, they could go make copies of the keys, just like someone could install a back door. If you "trust" someone you hope not.

Re:I definitely share password with family (0)

Anonymous Coward | about a month ago | (#47713623)

As you said, your friend could go make copies of the keys, just like the problem fixer could install a back door. You noticed both flaws with your "simple safe alternatives" but didn't realize they destroyed your entire argument.

Re:I definitely share password with family (1)

vux984 (928602) | about a month ago | (#47714245)

Even if you trust someone to fix a problem, why would you trust them with your password? Set a temporary password so they can fix something, then change it back when they are done fixing.

These days, common as not, you aren't allowed to set it back to what it was before. I think gmail, for example, now enforces password history for example. Pretty infuriating, because I DO generally change passwords before giving someone temporary access.

If you want a "proper" car analogy...

You would talk about those cars with the little number pad above the door handle?

http://support.ford.com/vehicl... [ford.com]

I have no idea why you would give someone the temptation, especially when there are simple safe alternatives.

a) You can't change the password from where you are. Happens all the time. Maybe you are giving the person the password precisely so they can help resolve the problem preventing you from logging in where you are.

Your buddy borrowed your truck, you lent him the keys, and he locked them in the cab... he's 500 miles from anywhere. Do you tell him the keypad code?

Best practices says if you do this, change the code when you get the truck back. No problem.

Maybe you have a whole fleet of trucks, and for simplicity you had the same code on all of them. Now your fucked and have to re-key the whole fleet...

b) Cases where changing the password creates rolling chaos. Think scenarios where the same password is on several devices. For example you want to let a guest onto your home wifi but don't want to give him the password -- changing it while he visits knocks everything else you have off the network. Other scenarios -- backups, where multiple computers backup to a service and all use the same key, or various file sync things, where changing the password will throw errors up all over the place.

Re:I definitely share password with family (1)

s.petry (762400) | about a month ago | (#47714355)

Are you seriously attempting to imply that the rare exception should justify the rule for normal behavior? I really hope not, but that's how I read what you wrote.

Re:I definitely share password with family (1)

vux984 (928602) | about a month ago | (#47714735)

Are you seriously attempting to imply that the rare exception should justify the rule for normal behavior? I really hope not, but that's how I read what you wrote.

Not at all. When you can change to a temporary and back you should. But the exceptions where that isn't simple aren't all that rare. (And in the case of systems that won't let you change back, you often don't find out until after you've gone down the rabbit hole; so its especially annoying.)

Wifi pre-shared keys for example are a prime common-as-dirt scenario, where its a giant PITA to change them for a temporary guest, just to avoid sharing your password.

Re:I definitely share password with family (0)

Anonymous Coward | about a month ago | (#47712713)

I share one password with my wife, and we don't have it written down; it's easily memorable. It's used in one place only - to encrypt a list of passwords in a file, including the admin passwords for the router and servers. This file is on several drives (all of which are backed-up) on our LAN. The file is accessible to all accounts on the LAN, including my wife's.

sigh (2)

retchdog (1319261) | about a month ago | (#47712367)

the overwhelming amount of real danger is from database compromises, which this has almost (almost!) nothing to do with.

smells like fud to keep people from sharing their paid services with friends and family. fuck that.

Android makes this worse. (1)

ron_ivi (607351) | about a month ago | (#47712457)

Android's especially annoying how a single tablet is linked tightly to a single google account. To have a table that's shared among all people living together, you practically have to set up a shared google acccount.

Re:Android makes this worse. (3, Informative)

cr_nucleus (518205) | about a month ago | (#47712561)

Don't know what version you're running but android does support multiple accounts since 4.2 [androidpolice.com] .
I've being enjoying it for a while now.

AFAIK it's the only mobile OS doing so.

Re:Android makes this worse. (1)

jones_supa (887896) | about a month ago | (#47712827)

AFAIK it's the only mobile OS doing so.

That seems to be true. Here's additional proof that Windows Phone [windowsphone.com] and iOS [zdnet.com] do not currently support such feature.

Re:Android makes this worse. (1)

Nimey (114278) | about a month ago | (#47713121)

Only on tablets, though. Phones are still single-user.

Re:Android makes this worse. (1)

EmagGeek (574360) | about a month ago | (#47714225)

Both of our Android phones both have multi-user capability.

Re:Android makes this worse. (1)

Nimey (114278) | about a month ago | (#47714389)

Huh. Multi-user as in you can switch accounts at the lock screen?

Re:Android makes this worse. (1)

jader3rd (2222716) | about a month ago | (#47713993)

AFAIK it's the only mobile OS doing so.

Windows RT allows for multiple accounts.

90% of people are retarded (0)

Anonymous Coward | about a month ago | (#47712459)

So are you really surprised? Honestly I'm surprised it's not higher.

Re:90% of people are retarded (2)

Wycliffe (116160) | about a month ago | (#47712557)

I'm also surprised it's not higher but not because people are stupid but because there are a bunch of different use cases.
Even if the bank allows it, what advantage does a husband/wife have to create separate logins for a joint account?
There are plenty of people that share accounts. There might be a sales email address that multiple people in an office take turns checking.
I know quite a few husband/wife pairs that share a single facebook account and I even know a few that share a single email address.
It's not because they're stupid but rather if one or both of them is a light user then it's easier to just have everything in one place.
There are also plenty of not-so-important accounts that people don't really care about and leave the password on a post it note or use 123123 as
the password because there is nothing of importance there and even if someone bothered to hack it, they wouldn't really care.

Re: 90% of people are retarded (1)

frikken lazerz (3788987) | about a month ago | (#47712963)

What happens when the inevitable divorce comes along? Flip a coin, your odds of getting in a divorce are the same. Are you make the facebook account part of the divorce court?? I can see it now - "She gets ownership of the pictures, but you get to keep the gaming high scores!" Simply put, it's pretty stupid to share any account, even if you are "forever in love".

Re: 90% of people are retarded (2)

Wycliffe (116160) | about a month ago | (#47713247)

If a divorce happens, then having a joint login isn't really a problem as you already
both have access to the money. So you both can log in and see that the other person
already emptied the account. No need to worry about changing the password.

Same with mortage accounts. The fact that the login/password is shared is less
important that the fact that you own a house together. The login/password is
usually only useful for paying the bill and not much else anyways.
It seems pointless to have 2 separate login/passwords and even stupider if
those 2 separate login/passwords can't see each other's payment histories.

Re: 90% of people are retarded (3, Insightful)

bws111 (1216812) | about a month ago | (#47713789)

What an idoitic statement. First, if something has a 50% chance of happening then it is certainly not 'inevitable'. Second, divorce is not a random event, so comparing it to a coin toss is exceedingly stupid. Passwords aside, we already 'share accounts'. We have joint checking and savings accounts, a joint mortgage, joint ownership of the house, joint ownership of a timeshare, file joint tax returns, etc. What is so different about joint online accounts? Nothing.

Re:90% of people are retarded (1)

lolococo (574827) | about a month ago | (#47713151)

By "people" do you mean anyone not you? What kind of person are you if you're not "people"?

Re:90% of people are retarded (1)

gmhowell (26755) | about a month ago | (#47713811)

The rate increases when looking only at the subset of the population who post as AC.

NEWS FLASH!!! (2, Insightful)

jddeluxe (965655) | about a month ago | (#47712483)

51% of people on the internet are stupid, details at 11....

Re:NEWS FLASH!!! (2, Insightful)

Anonymous Coward | about a month ago | (#47712627)

Or... and this may sound zany but hear me out. Maybe 51% of people did a risk/benefit analysis and decided that giving someone there password was actually beneficial for them.

Re:NEWS FLASH!!! (2)

gmhowell (26755) | about a month ago | (#47713837)

Or... and this may sound zany but hear me out. Maybe 51% of people did a risk/benefit analysis and decided that giving someone there password was actually beneficial for them.

Not possible. Only people who use devices in exactly the same manner as that proscribed by a /. nerd can be beneficial. (No wireless, less space than a Nomad...)

Re:NEWS FLASH!!! (0)

Anonymous Coward | about a month ago | (#47712633)

Surprised it is that low to be honest.

Most likely higher since the ones that tend to answer these are moderately more intelligent than most.
So even these not-smart people are probably the smartest we know of that do this.

Re:NEWS FLASH!!! (0)

Anonymous Coward | about a month ago | (#47713999)

51% of people on the internet are stupid, details at 11....

Why is this marked insightful? People aren't stupid because they don't know. They are ignorant. Admittedly, "stupid" appears to have less cultural bias than "ignorant" but the first word implies they can't learn while the second implies they haven't learned. Of those, many never will because they have very little interest, yet at the same time are far more brilliant and capable of learning than many slashdot users.

Re:NEWS FLASH!!! (1)

EmagGeek (574360) | about a month ago | (#47714163)

That may be a true statistic, but the subset of 51% of people who are stupid are not necessarily the same as the subset of 51% that share their passwords.

Not Insecure (4, Insightful)

pavon (30274) | about a month ago | (#47712509)

The purpose of security is to prevent unauthorized people from accessing the account. There are tons of accounts that are legitimately shared, and there is nothing wrong with sharing passwords in those situations, if the account doesn't have any technical mechanism to allow for multiple users/profiles on a single account. For example bank accounts, utilities, Netflix, Hulu, wireless router administration, all have been shared accounts with my wife (some have since added profiles, but not all).

Furthermore, even with accounts that we keep separate, like email, there are useful reasons to share the password, like when my wife is away from internet at work and wants me to print a boarding pass that was emailed to her. Sure I could snoop through her email, but I don't just like I could snoop through her purse or journal, but I don't.

Re:Not Insecure (0)

Anonymous Coward | about a month ago | (#47712737)

It's only practival because some OS don't have way to run programs as another user. The best way to share an account with your wife should be with something like sudo.

Using sudo, the account and password would remain yours but she would also be able to use and access all your stuff if you granted her the rights.

Of course, there is absolutely no way to do that in Windows without knowing the user password. This makes the whole windows security model a complete joke.

Re:Not Insecure (1)

Anonymous Coward | about a month ago | (#47712747)

I do sometimes wonder about the security extremist point of view.

"I trust you enough to sleep next to you while you have access to many long knives, but I'll be damned if I let you know my Netflix login!" ...
yeah, I think I have it nailed.

Imagine (1)

Anonymous Coward | about a month ago | (#47712529)

Let us imagine for a moment, that we do everything exactly the way, security advisors are telling us:
* have a different password for every website and every account we got
* never write down a password
* log out (from every social site) whenever we stop using a mobile or desktop device
* change all of our passwords every 30 days (to unique new and complex ones (at least 11 characters with different rules (letters, cases, numbers, punctuation symbols) for every system)
* never share a password with anyone

Now, for how many services are you able to do that?
How much of your time does it take?
How often do you check your emails or social sites a day?
How often do you require to reset passwords?

But how many accounts do you really have?
How much time do you want spend in password management?

Encouraged by a lot of places. (3, Interesting)

Joe Gillian (3683399) | about a month ago | (#47712533)

A lot of the bigger, more frequently-used services actually encourage this. The best example I can think of is Netflix, which allows you to have separate profiles for family members but requires that everyone use the same user/pass to log in. I don't know why they couldn't just have individual passwords for the same account - at least that way I could avoid my mom trying to get everyone in the family to watch Sherlock ("Oh, I didn't see it on your watched list! You should try it!").

Amazon's Kindle app does pretty much the same thing, though it's not directly encouraged - you can log into your Kindle account from several different devices at once, effectively allowing people to share their books with anyone they trust enough. I think this is actually worse than Netflix, because most of the time you're using the Kindle app on a mobile device that can easily be lost or stolen.

The only company I've seen do sharing well is Valve, which has Steam Family Sharing that allows you to "lend" people your account without actually needing to tell them your password.

Trust (0)

Anonymous Coward | about a month ago | (#47712573)

Societies need trust. You need to be able to trust your family and friends. If you think that your cellphone password is more important than, say, the keys to your house or your heart, then maybe you don't need family and friends?

Wikipedia has a lot to say about trust: http://en.wikipedia.org/wiki/Trust_%28social_sciences%29

and... (2, Insightful)

Anonymous Coward | about a month ago | (#47712589)

and 49% of people lie about sharing their passwords

Re:and... (1)

Nimey (114278) | about a month ago | (#47713153)

I share my passwords with nobody but the NSA.

In other words... (1)

Type44Q (1233630) | about a month ago | (#47712677)

51% of Computer Users Share Passwords

In other words, "49% of Computer Users Aren't Stupid." (I suspect that's grossly overoptimistic, however.)

Re:In other words... (1)

Skidborg (1585365) | about a month ago | (#47713137)

The flaw here is that they don't say which passwords to what, or with whom.

There's no good reason not to share the password to a shared computer, and yet this poll puts anyone who does so in the same box as anyone who graffitis their bank login information on a bridge.

Windows (0)

Anonymous Coward | about a month ago | (#47712689)

I blame windows. Since users and even administrators can not use commands like sudo or su, people resort to sharing password. It is absolutely impossible in windows to run a process as another user without knowing his or her password. In the real world, even IT people that should know better share their passwords.

Microsoft claims that the way runas works is for increased security by preventing admins from masquarading as another user but in practice it's a security nightmare. Admins fix problems, they don't mess with user accounts for fun. Someone with domain admins credentials should be able to run stuff as any user.

Also, it's a seperate issue but policies that force password changes are just as stupid. In my org. about half the users have their password on a postit or in a notebook near their computers.

Imho, the windows security model is just smoke and mirrors. It actually creates more problems than it solves.

Re: Windows (0)

Anonymous Coward | about a month ago | (#47713075)

You're a moron.

Re: Windows (0)

Anonymous Coward | about a month ago | (#47713667)

If it's so easy, please explain how to substitude users (su) in windows. I'll wait here.

50% are less smart than average (1)

gweihir (88907) | about a month ago | (#47712849)

And the average person is not very smart in the first place. This news item just describes one of the consequences.

Re:50% are less smart than average (0)

Anonymous Coward | about a month ago | (#47713823)

And way over 50% of the people don't know (or care) about the difference between median and average, and why it matters.

Elderly family members passwords (3, Insightful)

bigmike_f (546576) | about a month ago | (#47712883)

Sometimes sharing the passwords of those less technically savvy with those with better skills is necessary and would skew these numbers. Knowing Grandpa's gmail password has helped a lot.

Ok so let's break this down... (1)

erp_consultant (2614861) | about a month ago | (#47712901)

"Consumers are inadvertently leaving back doors open to attackers as they share login details and sign up for automatic log on to mobile apps and services" - You mean like automatically logging on to GMail on their phones? Ummm...isn't that the way it's supposed to work? I can't see anyone logging in and out of email every time they want to use it. Totally impractical, especially if you have a long and complex password. Like you would if you were concerned about, um, security.

"51% are putting their personal data at risk by sharing usernames and passwords with friends, family and colleagues." - And how did they arrive at this number, exactly? I call BS on this one, particularly given that Intercede just happens to be a company that sells security software for mobile devices. Coincidence? I think not. I'm not disputing that it's a bad idea to share passwords with friends and colleagues (family I'm ok with). What I am questioning are the motives behind it. Obviously, Intercede is trying to get people to panic and buy their software. Typical security industry scare tactics.

"The research revealed that consumers are not only sharing passwords but also potentially putting their personal and sensitive information at risk by leaving themselves logged in to applications on their mobile devices, with over half of those using social media applications and email admitting that they leave themselves logged in on their mobile device." - The solution is to lock the device. You basically have three choices: use a pattern, a PIN or a password. The pattern could probably be guessed easily enough by someone determined to do so but it's better than nothing. PIN is better, password is best. But it's the age old problem of security vs convenience. I used to put an encrypted passphrase on my phone until it became a complete PITA to use it. So there has to be a balance between safety and convenience. I like what Apple is doing with the fingerprint authentication. It's not perfect but it seems to me that it strikes a nice balance. Simply putting some sort of lock on your device (even a simple swipe pattern) will mitigate a lot of issues. Maybe it should be the factory default for devices?

What percentage of husbands and wives share keys? (1)

Paul Harper (3424669) | about a month ago | (#47712915)

This article is hysterical in tone. What percentage of husbands and wives (or other people in relationships) share keys? I mean physical keys to your house and how about actual kitchen knives. I guess it is risky but in the real world people will do it. We do have to trust each other. pavon's (30274) comment above expresses the situation well. On the other hand not putting a PIN or better still a password on your phone, tablet, or laptop is just moronic. And you may as well use full disk encryption while you are at it.

News at 11.. (0)

Anonymous Coward | about a month ago | (#47713029)

News at 11... idiots are IDIOTS!!!!!

Shock Horror!!!

meaningless stat... (2)

Karmashock (2415832) | about a month ago | (#47713143)

just because family members share passwords doesn't mean its insecure. I know the password to most of my parents email and accounts. But so what... I won't do anything they wouldn't approve of and know them well enough to know what they would and would not approve of... so who cares.

And as to companies... most of them are small and medium sized businesses that have overlapping responsibilities. In those cases, SOME people know some passwords. But rarely does everyone in the office know all the passwords.

Its not unreasonable.

Sharing with other people is not the problem (1)

brentonboy (1067468) | about a month ago | (#47713499)

People are good at evaluating the risks of sharing personal info with other people.

The real problem is people sharing the same password between multiple sites. People are really bad at evaluating the risks of any given website being hacked and thus making all other sites that use that password hacked as well.

The best thing we can do for security is encourage to write their site-unique passwords on sticky notes and post them clearly and legibly on their monitors. We'd go from millions of people being compromised every day by malicious hackers with a means of really messing you up, to one or two being hacked a day by someone's brother wanting to pull a prank.

Once people make 10 unique passwords, they'll switch to a password manager. But even if they don't, you're safer printing your username and password on a t-shirt than you are re-using the same password on both google.com and adobe.com.

problem without an easy solution (1)

ILongForDarkness (1134931) | about a month ago | (#47713645)

Passwords/security inherently get in the way of ease of use. Having to enter your password every time is a risk too: easier for people to look over your shoulder and figure out what you are typing, easier to hit max attempts and accidentally lock yourself out etc.

Not an easy thing but it shouldn't just be password but context. We need a way of saying: "my wife can check my email for that important piece of info I need while driving now, but not later". A one time use code. Germany (and probably others) have a similar system for banks. You have your code and confirmation numbers mailed to you. When you start a transaction it asks you for the corresponding code from the list. You could then at least for your bank account only give someone the one code that they are currently being asked for and not have to worry about them running away and doing more transactions later.

of course we share passwords (1)

Nukenbar (215420) | about a month ago | (#47713677)

How else am I supposed to watch HBO?

In other news... (1)

mjmcc (1699468) | about a month ago | (#47713825)

In other news, 95% of people surveyed are putting their identities at risk by sharing their house and car keys with friends, family and colleagues. "As we lead more and more of our lives in houses and cars, our identities need to be effectively protected – worryingly, it appears that this is not the case at the moment", he continued. "It's not surprising consumers are taking shortcuts such as putting all of their identity cards into a single "wallet" or "purse" that is easily lost, stolen or hacked. It's time for stronger authentication and more sophisticated forms of identity."

The research revealed that consumers are not only sharing keys, but also potentially putting their personal and sensitive information at risk by leaving these "wallets" in easily-visible locations with over half of those who take showers admitting that they leave their wallet on a dresser or table while they do so.

Re:In other news... (1)

Skidborg (1585365) | about a month ago | (#47714251)

This is insightful. I wish I had mod points.

Two people have access to my passwords (1)

EmagGeek (574360) | about a month ago | (#47713849)

There are two people who have access to all of my passwords: My wife and my lawyer.

These are the only two people on this planet with whom my communications are protected by legal privilege.

Should the thinkable happen (let's face it, calling untimely death unthinkable is stupid, as it is entirely thinkable), there should be someone left who can access everything to put my affairs in order.

And the other 49% lie (0)

Anonymous Coward | about a month ago | (#47714123)

Almost everyone shares at least some passwords.
There's always a wife/husband or a friend that we ask to do something from.
Even more - at work places IT is instructed not to ask for passwords, and people are instructed not to give them.
BUT - there's always some good reason that makes us give a password to the IT guys. (we'll change it right away... right).

Because password policy is BORKED. (1)

tekrat (242117) | about a month ago | (#47714737)

This is an example of a good password at my company "m7Rx2NqU" -- that's an unrecognizable jumble of characters that only a computer could love, but never a human.

I'd prefer to use "correcthorsebatterystaple" (ala XKCD), but my company's password policies do not let me use a pass phrase, but a jumble of numbers, letters and uppercase.

Re:Because password policy is BORKED. (0)

Anonymous Coward | about a month ago | (#47715447)

even though a machine can guess m7Rx2Nqu alot easier then "Bl00dyStupidPassw0rd!"

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>