I#forgot*MYpassword30

By Chad Hemenway on May 21, 2014

I’m not shy about it. I can be lazy.

I can be especially lazy when it comes to passwords. This laziness grows from forgetfulness. I can’t possible remember multiple passwords to work websites and credit card sites and car payment sites and bank sites and whatever other online membership to which I belong.

I forget my password for a good two weeks after I’m forced to change my work login.

I’m feeling more uneasy about sharing passwords across multiple websites, having focused so intently on cyber risk for the past 6 months.

According to Trustwave’s 2014 Global Security Report, weak or default passwords contributed to a third of the 691 compromises the company investigated in 2013.

“Strong passwords—consisting of a minimum of seven characters and a combination of upper and lower case letters, symbols and numbers—play a vital role in helping prevent a breach,” Trustwave said.

I look at a statement like this and a couple thoughts come to mind: 1.) Well, that makes perfect sense. 2.) I’m doomed; I don’t stand a chance.

Websites requiring me to enter a password to access information or pay a bill can expect to send me multiple (likely each month) emails reminding me of my latest combination of letters, symbols and numbers to get into their respective sites. I’m guessing keeping a piece of paper in my wallet with each sites’ username and password similarly makes the skin of any cybersecurity expert crawl as much as using the same password everywhere, so I won’t mention it.

This week eBay told its 145 million-or-so users to change their passwords due to a cyber attack.

I’ve used eBay and I suspect I’ll get around to coming up with another original password—balancing what I think would be a hard-to-crack character-combination with something I think I possibly could have a chance of remembering.

But here’s another thought: I’d expect the hardcore eBay user to continue to use the site as he/she always has but what about the user like me? I don’t use the service often. When I do in the near future, and I can’t remember my password, I’ll probably just give up and go on to something else. I wonder how many others do the same.

How do cyber attacks of online services affect customer behavior?

I also suspect many online customers don’t do a thing about changing passwords even when advised to do so, making this trend of passwords-as-an-entry-point a mainstay in cyber risk.

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].