
Survey points to forgetfulness as main reason why people reuse their passwords

02 May 2018

Thursday May 3 marks World Password Day, and it seems some people are still falling into the same password traps even though they may know it’s not a good idea.

A global survey from LastPass by LogMeIn found that 91% of the 2000 respondents know that using the same password for multiple accounts is a security risk, but 59% continue to do it anyway. 53% haven’t changed passwords in the last 12 months, despite knowing of breaches in the news.

The results are similar to those found when the same study was conducted two years ago.

38% say that their accounts aren’t valuable enough to make them worth a hacker’s time. This carelessness, LastPass says, is helping hackers win.

“The cyber threats facing consumers and businesses are becoming more targeted and successful, yet there remains a clear disconnect in users’ password beliefs and their willingness to take action,” comments LogMeIn chief technology officer of Identity and Access Management, Sandor Palfy.

The survey suggests that the fear of forgetfulness is one of the main reasons people stick to using the same password for different accounts, with 61% of respondents citing it as a concern.

Many respondents use the same password for as long as possible – at least until their IT team requires them to update, or if they’re affected by a security breach.

It’s also likely that people bring their home passwords directly into their workplace. Only 19% of respondents create more secure passwords for work – and only 38% make it a policy to never reuse the same password between work and personal accounts.

Given that 79% have between one and 20 online accounts for both personal and work use, 47% say there’s no difference in passwords created for these types of accounts.

A person’s personality type could also be at fault: Overall, 50% of respondents say they want to both know and be in control of their passwords.

However, bad password behaviour in Type A personalities stems from their need to be in control, whereas Type B personalities have a casual, laid-back attitude toward password security.

Those respondents who are Type A personalities are more likely to stay on top of security: 77% put a lot of thought into password creation, and 76% consider themselves informed about best password practices.

45% of Type As also have a personal ‘system’ for creating passwords, such as using an account name and numbers that have ‘meaning’.

Of the Type B personality respondents, 67% put a lot of thought into password creation, and 68% consider themselves informed about best password practices.

However, that doesn’t mean either personality type will put best password practices into action.

Overall, 72% say they feel informed on password best practices, but 64% of those say having a password that’s easy to remember is most important.

Similarly, 91% recognise that using the same or similar passwords for multiple logins is a security risk, yet 58% mostly or always use the same password or variation of the same password.

“Individuals seem to understand password best practices, but often exhibit password behaviours that can expose their information to threat actors. Taking a few simple steps to improve how you manage passwords can lead to increased safety for online accounts whether personal or professional,” Palfy concludes.

The Psychology of Passwords: Neglect is Helping Hackers Win survey polled 2000 people from Australia, France, Germany, the United Kingdom, and the United States.
