SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Reckless password behaviour 'largely unchanged' despite increased risk
Wed, 6th May 2020
FYI, this story is more than a year old

People aren't protecting themselves from the plethora of cybersecurity risks posed to them simply by being online – even though they know they should.

That's according to the findings of a report released today by password manager company LastPass, which reveals that despite increasing reports of data breaches and heightened public awareness of security risks, consumer password behaviours remains ‘largely unchanged'.

91% of people know that using an identical password on multiple accounts is risky, yet 66% continue to do so anyway, according to a survey of over 3,000 people of various ages from the US, UK, Germany, Brazil, Australia and Singapore.

The same survey was conducted in 2018, and data from 2020's study shows that password behaviours haven't generally become more protective over the years – in fact, the aforementioned 66% of users not changing their password despite being given good reason to do so has increased by 8% from the 2018 study.
The data showed several contradictions – 77% say they feel informed on password best practices, yet 54% still try to memorise passwords and 27% write them down.

Meanwhile, 80% of respondents are concerned with having their passwords compromised, yet 48% never change their password if not required by the service they are using.

At 60%, the fear of forgetting login information was the single most cited reason to go through with the risky decision to use the same password for multiple accounts.

This was followed by wanting to know and be in control of all of their passwords at 52%.

But it's not all bad news – the awareness and usage of multifactor authentication (MFA) is relatively broad, with 54% of respondents saying they use MFA for their personal accounts and 37% claiming they use it at work.

Only 19% of survey respondents said they did not know what MFA was.

The study also suggests that consumers find biometric authentication to be relatively trustworthy and reliable - 65% said they trust fingerprint or facial recognition more than traditional text passwords.

“During a time where much of the world is working from home due to the disruption caused by the COVID-19 pandemic, and people are spending more time online, the cyber threats facing consumers are at an all-time high,” says LogMeIn general manager of identity and access management John Bennett.

“Individuals seem to be numb to the threats that weak passwords pose and continue to exhibit behaviours that put their information at risk.

“Taking just a few simple steps to improve how you manage passwords can lead to increased safety for your online accounts.