A survey on password security for a class

Saturn2888

Distinguished
Dec 30, 2007
19
0
18,510
I'm trying to finish up this survey I need for a class. I misread my data and thought the 43 views meant 43 people had taken the survey but only 17 actually completed it. I was hoping I could gather a few more people completing the survey within the next few hours so that I could use those in my paper. I can justly go with the current amount, but I would feel more confident and prepared should I get more participants.

The survey can be found here: cs304wi.questionpro.com and has an average of 4 minutes to completion time.
 

DeeTee_uk

Distinguished
Jul 17, 2009
135
0
18,710
Best of luck with your paper, but you may find some people unwilling to fill out details of their online passwords in an online questionnaire.
 

Saturn2888

Yeah no problem. It doesn't ask for any passwords and only records the responses anonymously by not asking for a username or e-mail address. It doesn't give anything specific enough to allow for hackers to use it maliciously. The data's pretty interesting. People are more secure than I supposed. I'm assuming this is because the majority of my participants aren't over 27 and aren't going to have a password "orange" or "password" as is common in the older cubicle communities.
 

Saturn2888

That's fine. I'm still interested in seeing more data. The results of the survey showed more progressive people protected their data properly (20%), about 30% didn't know how to do it but thought they were doing it properly, and then the rest were in terrible shape. So I was happy 20% even had proper security, but I was extremely displeased to see this nearly 50% number of people who did not care about their important information being stolen. It was very scary to think about. "Here, have my bank account number". Technically, that's what you do when you write a check so I dunno how much that influences those people.
 
I did your survey and I hope you find the additional information helpful.
But I really don't see how you come to the conclusions you stated by data you are gathering from this set of questions. For instance, there is information I have that is important to me, that would be horrible if stolen, but only a small part of it. Most of my information that I consider very important to me, would be useless or worthless to someone else, so I could care less if someone got access to it. So I guess what I am saying, you need to know specifically what information people think is important to be protected, and what is not, to balance your survey.
And yes, every time you buy something and do not simply pay "cash on the barrel head" so to speak, you are revealing your financial information. What are you going to do? I hate carrying a lot of cash with me.
Just use common sense, that goes a long ways, and good luck with your paper.
 

Saturn2888

No problem. I was able to gather, from a bunch of other sources I've read and cited in the actual paper itself, what all the questions being answered meant. I really wanted to get further in, but I was only supposed to have 10 pages and wrote in 16 just from this small survey. Had I more questions I would've been happier. I kept thinking of different ways to interpret it and thinking if I only had question X I could determine Y, but I found ways around that. We'll see how I did in a few weeks.

We've been discussing the implications of just about everything including credit and how everything you do is basically tracked unless someone's letting you live for free out in a forest, and you have tons of physical cash and cover your face all day.

The thing is, the important data is like, if you have a banking website, would you want that information stolen? Probably not. Then you'd probably want to say your important data is important to you. If it's /really/ not that important to you, you'd answer one of the other options. I was writing up what it possibly meant when people said it didn't matter and coming to conclusions based off of those assumptions aligned with the last 5 years of security research I've done. From what I've found, if you allow your unimportant data to be unprotected, that's probably the easiest way in. Some people think IM clients are pointless to have lots of encryption or secure passwords on, but once someone logs in and asks your wife/husband or best buddy what the bank account password was again because he or she forgot it.

There's so many other vectors for attack. "Hey blah, download this". I mean, I don't wanna go into that, but I personally use random 64 character passwords for anything I don't know if it's safe. That way they can't trace it back to any password I actually know. I noted something in the paper about how having a smaller password (cited it too) isn't necessarily bad, it's just something that can be memorized so long as the variations are enough that a brute force attack can't get it or can't get it quick enough to be in this millennium.