Consider how people react to a request to change their online password. Here’s how people answered when we asked: If a social media site or online company with whom you have an account requests that you change your password, which of the following would you most likely do?
- Always change my password: 31%
- Sometimes change my password: 19%
- Ignore the request: 18%
- Contact company to see if request is genuine: 32%
This finding provides a fresh way of looking at the cost of distrust. If a security breach creates a need to request 3 million users to reset their online passwords, you could be looking at 1 million unbudgeted customer service contacts. If you can keep average cost per contact as low as $1 that is still a $1 million bill.
Switching to a user perspective on passwords, I think many of us share the feeling that password changing is burdensome. That burden can mean passwords are not changed as often as they should be to properly protect accounts.
Nevertheless, our survey revealed that some people are making an effort. We asked "How frequently do you change the password for the online account you use most often?" Here's a breakdown of the responses:
- About once a year: 46%
- About once every 6 months: 31%
- At least once a month: 8%
- Never: 16%
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.