Despite today’s increased threat landscape and heightened global awareness of hacking and data breaches, password behaviors remain largely unchanged.
Data from a survey conducted by Lab42 shows that 91 percent of people know that using the same password for multiple accounts is a security risk, yet 59 percent continue to use the same password. As a result, individuals’ behavior in creating, changing and managing passwords in both their professional and personal lives is slow to match the rapid evolution of cybersecurity threats.
Global cyber threats skyrocket but password behaviors unchanged
Password behaviors remain largely unchanged from the same study conducted two years ago — translating to some risky behaviors. 53 percent report not changing passwords in the past 12 months despite a breach in the news. And while 91 percent know that using the same password for multiple accounts is a security risk, 59 percent mostly or always use the same password.
Fear of forgetfulness = Number one reason for password reuse
Not only do most respondents (58 percent) use the same password for multiple accounts, but many continue to use that password for as long as possible, changing it only when IT requires an update or a security incident affects them. The fear of forgetfulness was the number one reason for reuse (61 percent), followed by wanting to know and be in control of all of their passwords (50 percent).
Attention IT: Password behaviors same at work and home
The majority of respondents (79 percent) report having between one and 20 online accounts for work and personal use. When it comes to password creation, nearly half (47 percent) say there is no difference in the passwords they create for these accounts. Only 19 percent create more secure passwords for work, and 38 percent never reuse the same password between work and personal accounts, which means that 62 percent do.
Type A personalities take passwords more seriously
Respondents who identify as Type A personalities are more likely than Type B personalities to stay on top of password security: 77 percent put a lot of thought into password creation, compared to 67 percent of Type B. Type A users are also more likely to consider themselves informed about password best practices (76 percent) than Type B users (68 percent).
Security-conscious thinking doesn’t translate to action
The data showed several contradictions, with respondents saying one thing and then doing another. 72 percent say they feel informed on password best practices, but 64 percent of those say having a password that’s easy to remember is most important. Similarly, 91 percent recognize that using the same or similar passwords for multiple logins is a security risk, yet 58 percent mostly or always use the same password or a variation of the same password.
“The cyber threats facing consumers and businesses are becoming more targeted and successful, yet there remains a clear disconnect in users’ password beliefs and their willingness to take action,” said Sandor Palfy, CTO of Identity and Access Management at LogMeIn. “Individuals seem to understand password best practices, but often exhibit password behaviors that can expose their information to threat actors. Taking a few simple steps to improve how you manage passwords can lead to increased safety for online accounts whether personal or professional.”