Despite cyber threats, password behaviors remain largely unchanged, a survey suggests. Some nine in ten, 91 percent of people know that using the same password for multiple accounts is a security risk, yet 59 percent continue to use the same password. As a result, creating, changing and managing passwords in professional and personal lives is slow to match the rapid evolution of cybersecurity threats, according to a password management product company.
A global survey, which polled 2,000 across the United States, Australia, France, Germany, and the United Kingdom, suggested knowledge of security best practices doesn’t necessarily translate into better password management. It also suggests that regional, generational and personality differences can factor into password security. Findings include:
Password behaviours remain largely unchanged from the same study conducted two years ago — translating to some risky behaviors, the product firm says. 53 percent report not changing passwords in the past 12 months despite a breach in the news. And while 91 percent know that using the same password for multiple accounts is a security risk, 59 percent mostly or always use the same password.
Not only do most respondents (59 percent) use the same password for multiple accounts, but many continue to use that password as long as possible — until required by IT to update or if impacted by a security incident. The fear of forgetfulness was the number one reason for reuse (61 percent), followed by wanting to know and be in control of all of their passwords (50 percent).
The majority of respondents (79 percent) report having between one and 20 online accounts for work and personal use. When it comes to password creation, nearly half (47 percent) say there is no difference in passwords created for these accounts. Only 19 percent create more secure passwords for work and 38 percent never reuse the same password between work and personal, which means that 62 percent do.
Bad password behavior in Type A personalities stems from their need to be in control, whereas Type B personalities have a casual, laid-back attitude toward password security. Respondents who identify as Type A personalities are more likely than Type B personalities to stay on top of password security: 77 percent put a lot of thought into password creation, compared to 67 percent of Type B. And Type A users consider themselves informed about password best practices (76 percent) over Type B users (68 percent).
The data showed contradictions, with respondents saying one thing and in turn, doing another. 72 percent say they feel informed on password best practices, but 64 percent of those say having a password that’s easy to remember is most important. Similarly, 91 percent recognize that using the same or similar passwords for multiple logins is a security risk, yet 58 percent mostly or always use the same password or variation of the same password.
Sandor Palfy, Chief Technology Officer of Identity and Access Management at LogMeIn said: “The cyber threats facing consumers and businesses are becoming more targeted and successful, yet there remains a clear disconnect in users’ password beliefs and their willingness to take action. Individuals seem to understand password best practices, but often exhibit password behaviors that can expose their information to threat actors. Taking a few simple steps to improve how you manage passwords can lead to increased safety for online accounts whether personal or professional.”
