Survey Reveals How Lack of Social Network Password Security is Causing Vulnerabilities at User’s Place of Business
April 2017 by Thycotic
Thycotic found that 53 percent of users haven’t changed their social network passwords in more than one year – with 20 percent having never changed their passwords at all, according to a recent survey conducted by the company at RSA Conference in San Francisco in February. This percentage shows not only the vulnerability of users’ accounts and the lack of standards for social networks to implement automation and use password managers, but also a way for hackers to easily infiltrate a user’s work email.
“As we know, social networks give away a lot of private information. For people to not consider changing their passwords on a regular basis on their Facebook, Twitter and LinkedIn accounts, they are easily allowing hackers to access information that will grant them access to other facets of their lives, like their work computers and email,” said Joseph Carson, Chief Security Scientist at Thycotic. “Not only is this a huge vulnerability, but this is also a flaw within large social networks that don’t remind or make it clear and transparent to the user about the age or strength of the password or best practices.”
According to Forrester (an independent research firm), 80 percent of all cyber security attacks involve a weak or stolen password. The survey results also found a disconnect in the security industry between security professionals and their own actual security habits. Nearly 30 percent of security professionals have used or still use birthdays, addresses, pet names or children’s names for their work passwords, according to the survey. The percentage shows the vulnerability of users’ accounts in the workplace and the lack of standards set by security professionals as they continue to create solutions to upgrade other organizations’ security.
“The fact that the people who are in the trenches of the day-to-day security for businesses are using weak passwords for their credentials is shocking and unacceptable,” said James Legg, president and CEO at Thycotic. “These survey results just go to show just how vulnerable a lot of people have made themselves and the companies they work for through being irresponsible with passwords. Without the proper solutions in place, companies are really at risk here.”
In 2016 alone, more than 3 billion user credentials/passwords were stolen – making it 95 credentials and passwords stolen every second, according to Thycotic and Cybersecurity Ventures’ Password Report. By 2020, there will be more than 300 passwords to protect and every employee will be responsible for about 90 passwords.
Additional findings include:
• 45+ percent of respondents said they believe privileged accounts accounted for at least half of the cyberattacks
• Approximately 65 percent of respondents do not believe cyber security will get stronger under President Donald Trump
• 25+ percent of respondents said they change their password at work only when the system tells them to
• 20 percent of respondents have never changed their social network passwords, ever