False sense of safety undermines good password hygiene

LastPass released findings from its fifth annual Psychology of Password report, which revealed even with cybersecurity education on the rise, password hygiene has not improved.

password hygiene education

Regardless of generational differences across Boomers, Millennials and Gen Z, the research shows a false sense of password security given current behaviors across the board. In addition, LastPass found that while 65% of all respondents have some form of cybersecurity education – through school, work, social media, books or courses via Coursera or edX – the reality is that 62% almost always or mostly use the same or variation of a password.

The survey, which explored the password security behaviors of 3,750 professionals across seven countries, asked about respondents’ mindset and behaviors surrounding their online security. The findings highlighted a clear disconnect between high confidence when it comes to their password management and their unsafe actions. While the majority of professionals surveyed claimed to be confident in their current password management, this doesn’t translate to safer online behavior and can create a detrimental false sense of safety.

Key findings on password hygiene and cybersecurity education

Gen Z is confident when it comes to their password management, while also being the biggest offenders of poor password hygiene. As the generation who has lived most of their lives online, Gen Z (1997 – 2012) believes their password methods to be “very safe.” They are the most likely to create stronger passwords for social media and entertainment accounts, compared to other generations.

However, Gen Z is also more likely to recognize that using the same or similar password for multiple logins is a risk, but they use a variation of a single password 69% of the time, alongside Millennials (1981 –1996) who do this 66% of the time. On the other hand, Gen Z is the generation most likely to use memorization to keep track of their passwords by 51%, with Boomers (1946 – 1964) the least likely to memorize their passwords at 38%.

Cybersecurity education doesn’t necessarily translate to action. With 65% of those surveyed claiming to have some type of cybersecurity education, 79% found their education to be effective, whether formal or informal. But of those who received cybersecurity education, only 31% stopped reusing passwords. And only 25% started using a password manager.

Confidence creates a false sense of password security. While 89% of respondents acknowledged that using the same password or variation is a risk, only 12% use different passwords for different accounts, and 62% always or mostly use the same password or a variation. To add to that, compared to last year, people are now increasingly using variations of the same password, with 41% in 2022 vs. 36% in 2021.

“Our latest research showcases that even in the face of a pandemic, where we spent more time online amid rising cyberattacks, there continues to be a disconnect for people when it comes to protecting their digital lives,” said Christofer Hoff, Chief Secure Technology Officer for LastPass.

“The reality is that even though nearly two-thirds of respondents have some form of cybersecurity education, it is not being put into practice for varying reasons. For both consumers and businesses, a password manager is a simple step to keep your accounts safe and secure.”

Don't miss