Post-Heartbleed: It's time to pay attention to passwords

Sharath Kumar

NEW DELHI, INDIA: A new F-Secure survey shows that passwords remain a problem even for tech-conscious consumers. In the poll*, promoted via F-Secure social media channels, 43pc of respondents report using the same password for more than one important account - a big no-no for proper password hygiene.


58pc of poll respondents have over 20 password-protected online accounts or simply too many to keep track of. 27pc have between 11 and 20 password-protected accounts and 15pc have under 10. But even with so many accounts, just 40pc use a password manager to keep track of them.

Encouragingly, 57pc of poll respondents changed passwords after hearing about Heartbleed. Of poor password habits, the most common was using the name of a family member. The next most common poor password habit was using a pet name, and then using generic passwords like "Password" or "123456."

Post-Heartbleed, it's especially important to pay some attention to passwords. But getting all one's passwords in order - setting a unique, strong password for each individual account - can seem like too big a job, which is why many aren't doing it. And there's a lot of advice out there on how to generate and manage passwords. What's the average person to do? Sean Sullivan, Security Advisor at F-Secure, shares the one fundamental tip that everyone should remember:


"Identify the critical accounts to protect, and then make sure the passwords for those accounts are unique and strong."

Sullivan's advice takes into account the fact that many people have accounts for services where little personal information is stored. "If you created an account for some website and there's hardly anything more in there than your username and password, then that's probably not a critical account," he says. "But your Amazon account with your credit card info, your bank account, your primary email accounts, the Facebook account with your life story, these are examples of the critical ones. If you don't have time or inclination to tackle everything, at least take care of those."

A prime example of a critical account is an email account that is used as the point of contact for password resets on other accounts. For these "master key" accounts, it's a good idea to activate two-factor authentication if available.


But how to protect those critical accounts? F-Secure advises users to use a secure password manager.