And most people don’t change their password even after hearing about a breach, a survey finds
While nearly all
respondents in a recent survey were aware of the risks associated with poor
password hygiene, most people don’t do anywhere near enough to keep attackers
at bay, the third installment of the LastPass Psychology of Passwords
Report has revealed.
As many as 9 in 10
respondents surveyed by the password manager purveyor acknowledged knowing
that recycling the same password or using a variation of it across multiple
accounts was risky. Still, two-thirds used the same password or a derivative for
all their online accounts, which is actually an increase of 8 percentage points
from the survey conducted in 2018. The new edition of the survey took place in
March of this year and canvassed opinions from 3,250 people on various
continents.
The report also reveals
that 53% of respondents haven’t changed their password in the last year even
after they heard about a breach in the news. Also, 4 in 10 people believe that
having an easy-to-remember password is more important than a secure password.
Apparently some take it a bit too far, since studies have shown that year
after year, passwords such as “12345”, “123456” and “123456789” top the lists of the most popular passwords.
One of the reasons people
don’t apply proper password hygiene is that they underestimate the risk. In
fact, 4 in 10 think that their accounts aren’t worth the hacking effort. One
thing to remember is that everyone is a target. Your information can be part of
a breach that involves millions of stolen credentials. That
data can then be used to piece together other information, since if you recycle
your passwords, bad actors can gain access to other services, including your
online banking.
Speaking of which, almost
three-quarters of respondents concurred that financial accounts need extra
protection. About half said that email accounts needed stronger passwords since
those are usually at the center of people’s digital identities and can contain tons of
exploitable data. A third considers medical records sensitive enough to require
protection by stronger passwords as well.
Luckily, most respondents
realize that there are additional steps they can take to secure their accounts,
such as multi-factor authentication (MFA). Only 1 in 5 wasn’t aware of what MFA
was, while over half said that they use it to secure their personal accounts
and 37% use it at work.
To sum it up, you should
avoid creating simple passwords and recycling them across accounts – two of
the common password mistakes people make. Instead, opt for long passphrases, consider using a password manager, and add that extra layer of protection with MFA whenever available.