This article was published on July 18, 2018

Survey: 45% of security professionals reuse the same password

Security professionals are just like the rest of us: lazy.


Survey: 45% of security professionals reuse the same password

There’s a saying — “practice what you preach.” If you give advice, make sure it’s something you follow personally. Turns out, some security pros aren’t doing that.

A survey of 306 infosec professionals at London’s Infosecurity Conference 2018 from Lastline showed that 45 percent commit one of the biggest security cardinal sins — reusing passwords across accounts.

I don’t really have to explain why this is bad. If you use the same credentials across multiple different services and just one of them is compromised, the attacker can gain access to all of them.

Now, there’s a caveat here. There’s no clear breakdown of response by job title. That’s important because Infosecurity Conference has a really corporate-y feel. Walking around, you see more managerial types and C-Suite gremlins than actual frontline security folks.

That shift from technical to managerial probably skews the results some. If you asked the same question at, say, B-Sides London or 44Con, would you get the same response? I’d wager probably not.

TNW spoke to Tom Gaffney, principal consultant at F-Secure, who put the results into context, and reminded me that most security professionals are just human, and prone to mistakes.

“F-Secure cyber consultants find default passwords used by IT admins pretty routinely,” Gaffney said, pointing out that some of the most high-profile security breaches were caused by targeting tech staff.

Some of the biggest corporate hits have been caused by targeting the very IT teams who should know better. Sony got hit badly twice in 2014, first the hackers targeted the admin accounts of their IT admins and, among other things, stole the film The Interview and also end user data which was stored in a folder called “password.”

If you’re one of those 45 percent who fail to practice good password hygiene, you might want to get a password manager, and brush up on how to make strong, unique passwords.

Get the TNW newsletter

Get the most important tech news in your inbox each week.