
Survey points to forgetfulness as main reason why people reuse their passwords

02 May 18

Thursday May 3 marks World Password Day, and it seems some people are still falling into the same password traps even though they may know it’s not a good idea.

A global survey from LastPass by LogMeIn found that 91% of the 2000 respondents know that using the same password for multiple accounts is a security risk, but 59% continue to do it anyway. 53% haven’t changed passwords in the last 12 months, despite knowing of breaches in the news.

The results are similar to those found when the same study was conducted two years ago.

38% say that their accounts aren’t valuable enough to make them worth a hacker’s time. This carelessness, LastPass says, is helping hackers win.

“The cyber threats facing consumers and businesses are becoming more targeted and successful, yet there remains a clear disconnect in users’ password beliefs and their willingness to take action,” comments LogMeIn chief technology officer of Identity and Access Management, Sandor Palfy.

The survey suggests that the fear of forgetfulness is one of the main reasons people stick to using the same password for different accounts, with 61% of respondents citing it as a concern.

Many respondents use the same password for as long as possible – at least until their IT team requires them to update, or if they’re affected by a security breach.

It’s also likely that people bring their home passwords directly into their workplace. Only 19% of respondents create more secure passwords for work – and only 38% make it a policy to never reuse the same password between work and personal accounts.

Given that 79% have between one and 20 online accounts for both personal and work use, 47% say there’s no difference in passwords created for these types of accounts.

A person’s personality type could also be at fault: Overall, 50% of respondents say they want to both know and be in control of their passwords.

However, bad password behaviour in Type A personalities stems from their need to be in control, whereas Type B personalities have a casual, laid-back attitude toward password security.

Those respondents who are Type A personalities are more likely to stay on top of security: 77% put a lot of thought into password creation, and 76% consider themselves informed about best password practices.

45% of Type As also have a personal ‘system’ for creating passwords, such as using an account name and numbers that have ‘meaning’.

Of the Type B personality respondents, 67% put a lot of thought into password creation; and 68% consider themselves informed about best password practices.

However, it doesn’t mean either personality type will put best password practices into action.

Overall, 72% say they feel informed on password best practices, but 64% of those say having a password that’s easy to remember is most important.

Similarly, 91% recognise that using the same or similar passwords for multiple logins is a security risk, yet 58% mostly or always use the same password or variation of the same password.

“Individuals seem to understand password best practices, but often exhibit password behaviours that can expose their information to threat actors. Taking a few simple steps to improve how you manage passwords can lead to increased safety for online accounts whether personal or professional,” Palfy concludes.

The Psychology of Passwords: Neglect is Helping Hackers Win survey polled 2000 people from Australia, France, Germany, the United Kingdom, and the United States.
