Survey points to forgetfulness as main reason why people reuse their passwords

02 May 18

Thursday May 3 marks World Password Day, and it seems some people are still falling into the same password traps even though they may know it’s not a good idea.

A global survey from LastPass by LogMeIn found that 91% of the 2000 respondents know that using the same password for multiple accounts is a security risk, but 59% continue to do it anyway. 53% haven’t changed passwords in the last 12 months, despite knowing of breaches in the news.

The results are similar to those found when the same study was conducted two years ago.

38% say that their accounts aren’t valuable enough to make them worth a hacker’s time. This carelessness, LastPass says, is helping hackers win.

“The cyber threats facing consumers and businesses are becoming more targeted and successful, yet there remains a clear disconnect in users’ password beliefs and their willingness to take action,” comments LogMeIn chief technology officer of Identity and Access Management, Sandor Palfy.

The survey suggests that the fear of forgetfulness is one of the main reasons people stick to using the same password for different accounts, with 61% of respondents citing it as a concern.

Many respondents use the same password for as long as possible – at least until their IT team requires them to update, or until they’re affected by a security breach.

It’s also likely that people bring their home passwords directly into their workplace. Only 19% of respondents create more secure passwords for work – and only 38% make it a policy to never reuse the same password between work and personal accounts.

Given that 79% have between one and 20 online accounts for both personal and work use, 47% say there’s no difference in passwords created for these types of accounts.

A person’s personality type could also be at fault: Overall, 50% of respondents say they want to both know and be in control of their passwords.

However, bad password behaviour in Type A personalities stems from their need to be in control, whereas Type B personalities have a casual, laid-back attitude toward password security.

Respondents who are Type A personalities are more likely to stay on top of security: 77% put a lot of thought into password creation, and 76% consider themselves informed about best password practices.

45% of Type As also have a personal ‘system’ for creating passwords, such as using an account name and numbers that have ‘meaning’.

Of the Type B personality respondents, 67% put a lot of thought into password creation, and 68% consider themselves informed about best password practices.

However, it doesn’t mean either personality type will put best password practices into action.

Overall, 72% say they feel informed on password best practices, but 64% of those say having a password that’s easy to remember is most important.

Similarly, 91% recognise that using the same or similar passwords for multiple logins is a security risk, yet 58% mostly or always use the same password or variation of the same password.

“Individuals seem to understand password best practices, but often exhibit password behaviours that can expose their information to threat actors. Taking a few simple steps to improve how you manage passwords can lead to increased safety for online accounts whether personal or professional,” Palfy concludes.

The Psychology of Passwords: Neglect is Helping Hackers Win survey polled 2000 people from Australia, France, Germany, the United Kingdom, and the United States.
