According to a new survey unveiled at the Infosec Europe 2006 show in London, 41% of users have a single password to access all their websites and services!!
Apart from the fact that this survey hits ordinary password authentication techniques in a deadly spot, it tells me two things:
1- SSO and Identity-Federation should (would?) be the key concepts in the near future, and maybe the InfoCard scheme that will be deployed with Windows Vista will help push users toward such concepts…
2- “The user is going to pick dancing pigs over security every time” as Bruce Schneier used to say.
The user is going to try hard to put himself in the most “convenient” situation… Ordinary passwords are not sufficient any more!! We must more seriously consider other password techniques such as OT-Password, Query-Based-Password, etc.
According to the survey, which was conducted by “Sophos” and relied on the answers of 500 users, only 14% use a different password for every website, and 45% admitted that they had a small handful of different passwords to choose from!!