Password Reuse Remains Rampant

Despite high-profile, large-scale data breaches dominating the news cycle—and repeated recommendations from experts to use strong passwords, global consumers have yet to adjust their own behavior when it comes to password reuse.

Released on the eve of National Cyber Security Awareness Month, a survey from LastPass found that 95% of respondents recognize the characteristics of a strong password. Even so, 47% are still using their initials, friends or family names as their keys. About 42% use significant dates and numbers, and 26% use pet names—all information that’s easily obtainable through social media sites or a casual acquaintance.

Then there’s password reuse, most recently in the headlines related to the Yahoo breach. The survey shows that 91% of us know there is a risk when reusing passwords, but 61% continue to do so. If passwords are being reused across accounts, cyber-criminals who hack a lower-prioritized account can easily gain access to something that is more critical, like a savings or credit card account. And indeed, this vector looks alive and well: 69% of respondents prioritized password strength for financial accounts over retail (43%), social media (31%) and entertainment (20%). More than a third (39%) of respondents said they create more secure passwords for personal accounts over work accounts.

Changing passwords every month or so is another best practice, but only 29% of consumers change their passwords for security reasons, according to the survey. The No. 1 reason people change passwords is because they forgot what they were (46%).

“Developing poor password habits is a universal problem affecting users of any age, gender or personality type,” says Joe Siegrist, VP and GM of LastPass. “Most users admit to understanding the risks but continue to repeat the behavior despite knowing they’re leaving sensitive information vulnerable to potential hackers. In order to establish more effective defenses, we need to better understand why individuals act a certain way online and a system that makes it easier for the average user to better manage their password behavior.”

Photo © Den Rise

What’s Hot on Infosecurity Magazine?