Story image

Survey points to forgetfulness as main reason why people reuse their passwords

02 May 18

Thursday May 3 marks World Password Day, and it seems some people are still falling into the same password traps even though they may know it’s not a good idea.

A global survey from LastPass by LogMeIn found that 91% of the 2000 respondents know that using the same password for multiple accounts is a security risk, but 59% continue to do it anyway.  53% haven’t changed passwords in the last 12 months, despite knowing of breaches in the news.

The results are similar to those found when the same study was conducted two years ago.

38% say that their accounts aren’t valuable enough to make them worth a hacker’s time. This carelessness, LastPass says, is helping hackers win.

“The cyber threats facing consumers and businesses are becoming more targeted and successful, yet there remains a clear disconnect in users’ password beliefs and their willingness to take action,” comments LogMeIn chief technology officer of Identity and Access Management, Sandor Palfy.

The survey suggests that the fear of forgetfulness is one of the main reasons people stick to using the same password for different accounts, with 61% of respondents citing it as a concern.

Many respondents use the same password for as long as possible – at least until their IT team requires them to update, or if they’re affected by a security breach.

It’s also likely that people bring their home passwords directly into their workplace. Only 19% of respondents create more secure passwords for work – and only 38% make it a policy to never reuse the same password between work and personal accounts.

Given that 79% have between one and 20 online accounts for both personal and work use, 47% say there’s no difference in passwords created for these types of accounts.

A person’s personality type could also be at fault: Overall, 50% of respondents say they want to both know and be in control of their passwords.

However, bad password behaviour in Type A personalities stems from their need to be in control, whereas Type B personalities have a casual, laid-back attitude toward password security.

Those respondents who are Type A personalities are more likely to stay on top of security. 77% putting a lot of thought into password creation; and 76% consider themselves informed about best password practices.

45% of Type As also have a personal ‘system’ for creating passwords, such as using an account name and numbers that have ‘meaning’.

Of the Type B personality respondents, 67% put a lot of thought into password creation; and 68% consider themselves informed about best password practices.

However it doesn’t mean either personality type will put best password practices into action.

Overall, 72% say they feel informed on password best practices, but 64% of those say having a password that’s easy to remember is most important.

Similarly, 91% recognise that using the same or similar passwords for multiple logins is a security risk, yet 58% mostly or always use the same password or variation of the same password.

“Individuals seem to understand password best practices, but often exhibit password behaviours that can expose their information to threat actors. Taking a few simple steps to improve how you manage passwords can lead to increased safety for online accounts whether personal or professional,” Palfy concludes.

The Psychology of Passwords: Neglect is Helping Hackers Win survey polled 2000 people from Australia, France, Germany, the United Kingdom, and the United States.

NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."
How IoT and hybrid cloud will change in 2019
"Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud."
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
GCSB's CORTEX project scoops iSANZ Award
“I believe this award is particularly significant as it is acknowledgement from our peers in the information security industry and from across the private sector."
NZ firms lack cybersecurity confidence, HP survey says
Out of 434 of New Zealand’s small and large businesses, only half (50%) feel confident that they would be able to cope if they experienced a significant cybersecurity breach.
SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.