Security experts often offer detailed guidance to ensure computer users do not leave themselves vulnerable to cyber crime, but do they need to do more to make sure they are following their own advice properly?
It has been suggested following one recent incident that many may not be following the same best practice rules they preach to others, after a number of attendees at this year's RSA Executive Security Action Forum typed their Twitter usernames and passwords, in plain text, into form fields on RSA's website.
The site wanted the details in order to send a pre-written tweet promoting the conference, but it did not use OAuth-enabled single sign-on to obtain the access it needed, which The Register noted is the standard means by which websites can connect to users' Twitter accounts without ever handling their passwords.
As a result, the publication stated that somewhere, an RSA database could now contain plain-text password information for security executives at some of the world's biggest companies. And given that poor password practices such as reusing credentials across multiple applications still persist, it could potentially leave them exposed.
Although this appears to have been an honest mistake, it highlights how even security experts can be careless when it comes to protecting their sensitive information, which may be good news for cyber criminals looking to run phishing scams by convincing people to enter details into bogus websites.
A recent study from SplashData revealed that many users are also still failing to follow basic best practice advice when it comes to passwords. It found '123456' was the most common choice for login details, followed by 'password'.
SplashData advised users to stick with longer passwords, as these are harder to guess. The group also recommends using software to manage different passwords securely, as this allows users to choose strong, unique passwords that they would not normally be able to remember.