City financial firms packed with stupid users

A UK security outfit has discovered that some of the big names in the London business district have the stupidest of users when it comes to security.

Quest Software carried out a survey to have a look at the best security practices in Square Mile and found that while the companies might have some pretty good security policies, they were being undermined by user stupidity.

More than a quarter of workers shared passwords between work PCs and their normal home PCs. This makes it easier for them to remember, but means that a data thief has access to a more secure work network by knocking over the less secure home one.

Quest found that some security policies at some financial institutional were pretty questionable. Some demanded passwords that were shorter than eight characters which made them too easy to crack. More than 84 per cent allowed users to chose their own passwords which leads to all sorts of problems. In addition about a quarter allow real word passwords instead of alpha-numeric combinations.

Joe Baguley, global product director at Quest said that financial institutions needed to have the best record when it comes to IT security, but instead they are pretty poor. Part of this is to do with the fact that users often find password management a bit too complicated, he said.

But Joe didn't say which institutions were lax so we can all avoid them in the future imperfect. µ