Story image

Survey points to forgetfulness as main reason why people reuse their passwords

02 May 2018

Thursday May 3 marks World Password Day, and it seems some people are still falling into the same password traps even though they may know it’s not a good idea.

A global survey from LastPass by LogMeIn found that 91% of the 2000 respondents know that using the same password for multiple accounts is a security risk, but 59% continue to do it anyway.  53% haven’t changed passwords in the last 12 months, despite knowing of breaches in the news.

The results are similar to those found when the same study was conducted two years ago.

38% say that their accounts aren’t valuable enough to make them worth a hacker’s time. This carelessness, LastPass says, is helping hackers win.

“The cyber threats facing consumers and businesses are becoming more targeted and successful, yet there remains a clear disconnect in users’ password beliefs and their willingness to take action,” comments LogMeIn chief technology officer of Identity and Access Management, Sandor Palfy.

The survey suggests that the fear of forgetfulness is one of the main reasons people stick to using the same password for different accounts, with 61% of respondents citing it as a concern.

Many respondents use the same password for as long as possible – at least until their IT team requires them to update, or if they’re affected by a security breach.

It’s also likely that people bring their home passwords directly into their workplace. Only 19% of respondents create more secure passwords for work – and only 38% make it a policy to never reuse the same password between work and personal accounts.

Given that 79% have between one and 20 online accounts for both personal and work use, 47% say there’s no difference in passwords created for these types of accounts.

A person’s personality type could also be at fault: Overall, 50% of respondents say they want to both know and be in control of their passwords.

However, bad password behaviour in Type A personalities stems from their need to be in control, whereas Type B personalities have a casual, laid-back attitude toward password security.

Those respondents who are Type A personalities are more likely to stay on top of security. 77% putting a lot of thought into password creation; and 76% consider themselves informed about best password practices.

45% of Type As also have a personal ‘system’ for creating passwords, such as using an account name and numbers that have ‘meaning’.

Of the Type B personality respondents, 67% put a lot of thought into password creation; and 68% consider themselves informed about best password practices.

However it doesn’t mean either personality type will put best password practices into action.

Overall, 72% say they feel informed on password best practices, but 64% of those say having a password that’s easy to remember is most important.

Similarly, 91% recognise that using the same or similar passwords for multiple logins is a security risk, yet 58% mostly or always use the same password or variation of the same password.

“Individuals seem to understand password best practices, but often exhibit password behaviours that can expose their information to threat actors. Taking a few simple steps to improve how you manage passwords can lead to increased safety for online accounts whether personal or professional,” Palfy concludes.

The Psychology of Passwords: Neglect is Helping Hackers Win survey polled 2000 people from Australia, France, Germany, the United Kingdom, and the United States.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.