Lazy Password Habits and Reuse are a Rampant Issues That Most People Take for Granted but Shouldn't
We recently conducted a survey during which we asked 275 Americans to tell us how they treat their passwords. Among other things, we learned that for most people, passwords are a nuisance. This shouldn't really be a surprise when you consider the fact that most of the participants said that they use between 11 and 40 websites and services that require a password. Keeping track of all this data is no easy task which is why users have been looking for ways around the problem.
In all likelihood, you, like the people in our survey, also have more than a dozen accounts to worry about, and you too have probably been looking for an efficient way of handling them all. The problem is, the results of our survey show that you've likely chosen a solution that's less than perfect. Take a look at what people do and see if you can spot some of your own practices in there.
Password reuse is rampant
A whopping 83% of people reuse passwords, and just over 2% of the surveyed admit that they use the same password for all their accounts. More than one in three (35.9%) reuse passwords in between 5% and 25% of the cases, 17.6% do it in 26% to 50% of the cases. 14% of the participants reuse passwords for between 51% and 75% of their accounts, and 13.5% do it between 76% and 99% of the time.
It should be abundantly clear by now that password reuse is one of the biggest cybersecurity mistakes people make. Unfortunately, it's also one of the most common ones.
The prolific reuse of passwords has given birth to an attack called credential stuffing during which crooks steal a password from one website and then use it to compromise multiple accounts. In some cases, however, the password doesn't need to be stolen at all. It can be guessed.
People still use simple, easy-to-guess passwords
You've probably heard that passwords should be long, complex, random strings of letters, numbers, and characters, but our survey shows that users are having none of it. The statistics are quite shocking.
34% of the interviewed use their cat or dog's name as their password. 33% rely on simple number combinations like "123456" and a little less than 30% use common words, adding a "1" or an "!" when confronted by stricter password rules. Other things people tend to think about when creating their passwords include names of children and relatives, birthdates, and school mascots. Less than 17% of the interviewed use a password generator that can generate truly unique, random passwords. The upshot is, despite the numerous warnings, people continue to use horrendously easy-to-guess passwords. There is, of course, a reason for this. Some can conclude that such practices is from an atmosphere of laziness on part of users failing to create complex passwords. Others may simply think that creating a strong password isn’t necessary. However, use of a strong password is essential and will help combat data breach cases or help prevent hackers from infiltrating personal accounts over the vast superhighway that we call the Internet.
Password storage continues to be a problem
More than half (54%) of the people that took part in our survey try to remember their passwords, and roughly the same percentage fail to do it meaning that they're forced to reset their passwords four or more times a year. 28% of the interviewed go through the reset process more than ten times a year.
Those that don't rely on their brains for keeping track of all the passwords engage in other practices that are less than ideal. 22% of the participants use their browser's integrated password manager, and some write their passwords down on pieces of paper. Only 12% of the interviewed use a dedicated password management application that encrypts and organizes their login data.
We at Cyclonis believe that this should change. Furthermore, we believe that this change should come at no cost to the user, both in terms of convenience and money. That's why we created Cyclonis Password Manager – a free tool that helps you keep track of your passwords, credit card and profile information, as well as any other sensitive data that you might want to organize.