Singaporeans are guilty of weak password security practices, making them vulnerable to hackers, according to a survey conducted by data centre software vendor Imperva.
"We wanted to understand how consumers are dealing with password security to protect themselves at the user level," said Stree Naidu, vice president of Imperva in Asia Pacific and Japan.
Conducted from September to November 2012, the Imperva survey polled 188 Internet users in Singapore. The findings include:
- More than 60 percent say they use the same password to sign in to multiple online accounts.
- One in two never changed their passwords.
- Almost 80 percent use long passwords (more than 8 characters), but only 20 percent of respondents use complicated passwords that combine numbers, uppercase and lowercase, as well as symbols.
According to Naidu, a strong password should also be random and not linked to personal data that can be found elsewhere online. For example, the password should not be the user's home address since it can be easily retrieved from other sources.
Fortunately, half of the survey respondents have a good understanding of this. The survey found that almost 50 percent of those polled in Singapore say they draw inspiration for passwords from 'bible verses,' 'mathematical progressions,' and 'whatever is on my desk when I change my password.'
The other half of respondents, however, still favours the use of personal information such as birth dates, names, and personal identification numbers, in their passwords.
Meanwhile, three in 10 Singaporeans surveyed say they have been victims of hacking, and the three most common types of accounts hacked are email (68 percent), social networking sites (30 percent), and gaming accounts (13 percent).
Despite this, email and social networking sites ranked low in terms of password importance. Less than half of respondents say they think email and social networking sites deserve strong passwords. Almost 50 percent of Singaporeans polled also say they have never changed their passwords on social networking site Facebook.
Naidu added: "Weak passwords can result not only in the loss of personal data but also company data, if employees are accessing personal email or social networks on a company-owned device. Imperva works with many organisations to deploy the first line of security defence at the data centre to prevent largescale hacking attacks. At the user level, consumers can also help to protect themselves and their employers by practising strong password security, and not falling prey to spam or phishing emails."
Some suggestions from Imperva for better security include online users adopting unique and strong passwords for different accounts - whether email, social networking sites, or gaming accounts. Consumers should also change passwords at least once every six months.
Sign up for CIO Asia eNewsletters.