Only A Third of Data Breach Victims Change Their Passwords, New Study Finds

Constant worrying and stress do no good for the body, mind, and soul. That being said, some people might be too relaxed about the wrong things. Password security being one of them. Even when passwords are breached, not all people rush to fix the problem. Needless to say, if people do not change passwords after data breaches, their virtual security can be jeopardized, and it can be jeopardized in many different ways by many different malicious parties. To add insult to injury, there are still a lot of people who reuse passwords across platforms, which puts them at even greater risk. Hopefully, by the time you are done reading this report, we will have convinced you that every password must be unique and that changing passwords after data breaches is non-negotiable.

Not all victims of data breaches change passwords

Researchers at the Carnegie Mellon University and Indiana University Bloomington have conducted a study, in which 249 people participated. They reviewed how many of these participants had accounts on 9 different websites (yahoo.com, mufitnesspal.com, chegg.com, disqus.com, cashcrate.com, flvs.net, ancestry.com, Imgur.com, and deloitte.com), all of which experienced password-affecting data breaches between 2017 and 2018. 150 million passwords were leaked during the MyFitnessPal data breach in 2018 alone, and Chegg has faced three data breaches within the last three years. Although the services offered by these platforms are trusted and enjoyed by hundreds of millions of people around the world, even reputable service providers cannot always prevent data breaches. Ideally, breaches are discovered right away, and victims are warned about it so that appropriate security measures could be taken. Unfortunately, in some cases, breaches take months or even years to be discovered. And sometimes, service providers do not report breaches in time despite knowing about the incidents.

The study revealed that out of 63 participants who had accounts on the listed websites, only 21 made changes. That means that two thirds of participants did not change passwords at all. The 2017 Yahoo data breach is, by far, the most heavily reported one out of the nine because of the company’s history with major data breaches, and victims were urged to change passwords individually. However, while 49 participants had Yahoo accounts, only 18 of them changed passwords. This is shocking, but this perfectly illustrates how careless people are when it comes to password security. Sure, not all people grasp the concept of what a password truly is. After all, it is just an arbitrary string of random characters. Also, people often assume that nothing bad will happen to them or that cybercriminals will definitely not be interested in their accounts. Neglect, laziness, and lack of knowledge often lead to poor password habits.

People fail to replace breached passwords with strong combinations

Even when people are quick to change passwords after data breaches, they do not always follow the guidelines for creating strong passwords. Carnegie Mellon University and Indiana University Bloomington researches checked the passwords that 21 participants had changed. Only 9 of them managed to create stronger combinations, while 12 kept their passwords at the same level of strength or even made them weaker. 30 of their passwords were very similar to those that were breached and had to be changed. The study also revealed that password reuse was rampant. In total, 3041 password changes had been observed during the study, and 70% of these changes made no difference in password enhancement or even made the passwords weaker.

There are several hypothetical reasons why people are not more mindful when it comes to making changes. First of all, they might not understand how desirable passwords are amongst cybercriminals, and so they might choose passwords of the same strength or weaker ones just because they do not think that anyone would be interested. Second, they also might not understand how easy it is for cybercriminals to breach, guess, and brute-force passwords with new technology. Finally, password fatigue is a real thing, and people often do not know how to change them or what combinations are considered to be strong. That is due to the lack of basic knowledge.

What is a strong password?

We have answered this question in more detail in previous reports, but here are the basic requirements of a strong password:

  • The password MUST be at least 12-14 characters long. The longer the password is, the stronger it is, but it also has to meet other requirements. If a service allows using only a limited number of characters (e.g., six), you ought to use the maximum length.
  • The combination MUST NOT include specific words, names, locations, memorable dates, or characters that appear to hide guessable words (e.g., Pa$$w0rd).
  • The password MUST contain letters (both upper-case and lower-case), numbers, and special characters if that is possible.
  • The password MUST NOT be repeated and recycled. While it might be easy to create one strong password for all accounts, remember that if one account is breached, all others become accessible with the same password too! Using slight modifications of the same password (e.g., Password and Password 123) is not safe either.
  • DO NOT use default passwords. If you purchase new software or hardware, always change the default to a strong combination.

The problem with strong passwords is that they can be difficult to remember, especially if you have ten, twenty, or perhaps even a hundred of passwords for all of your banking, social networking, shopping, work, bill payment, email, and other accounts. If you have a super brain that is able to remember complex combinations with ease, you are fine. However, if you are a mere mortal like most of us, you might need help managing all of the complex passwords that you create. This is where a trusted password manager comes in handy. Cyclonis Password Manager is very easy to use, it can generate passwords for you, it can help you change passwords after data breaches, it can make logging in easier, and it also can add valuable protection. If this is the last step towards full password security, do not hesitate to give the free 30-day trial a go.

By Foley
September 1, 2020
Password Security
English
September 1, 2020
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

T-Mobile Data Breach Forces Customers to Change Their Passwords

Over the weekend, T-Mobile customers started receiving text messages that got them quite worried. Their telecommunication provider had suffered a data breach, which resulted in unauthorized access to customer... Read more

November 26, 2019
News

NewsNow Urges All Users to Change Passwords NOW After Data Breach

Without using any official channels to announce the news to the world, NewsNow, a British news aggregator agency, sent out email notifications to their users saying that changing some passwords might be in order. The... Read more

September 28, 2018
News

Canva Users Are Advised to Change Their Passwords After a Data Breach

Learning that an online service with hundreds of millions of users has found itself on the receiving end of a cyberattack is never a good thing. However, many different factors regarding the nature of the breached... Read more

May 28, 2019
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.