Password Security Report: 83% of Users Surveyed Use the Same Password for Multiple Sites
It's estimated that people will have to manage as many as 300 billion passwords by the year 2020. That's 40 passwords for every man, woman, and child on the planet. As you can imagine, that's also a lot of targets for hackers and thieves. Some estimates say that nearly 100 passwords are stolen every SECOND, that's more than 8 million passwords per day.
We wanted to take a look at the password habits of Americans to find out where there is cause for concern. So, we surveyed 275 Americans on how they created, changed, and managed their passwords. Unfortunately, as we discovered, there is a lot of cause for concern.
Let's start with a look at what websites and services people hold most dear to them. According to our data, Americans would rather have their medical records hacked than their social media accounts. Cyclonis asked people to rank which online service they would least want to be hacked. Not surprisingly, online banking was at the top of the list. Social media sites ranked second, which was two spots ahead of health and medical records. For online services, LinkedIn was at the bottom of the list.
Here's the complete ranking of online services that people least wanted to be hacked according to Cyclonis data.
- Online banking
- Social media (Facebook, Instagram, SnapChat, Twitter)
- Online dating profile
- Adult Website/search history
- Personal email
- Work email
Unfortunately, the password habits revealed in the survey for Cyclonis Password Security Report shows that there's a good chance many of these services will be hacked at some point. We looked at a number of password habits that can impact the Cyclonis Password Manager Total Strength Score. This is a score we provide to our users to help them determine the overall health of their passwords. The score looks at things like the complexity of your passwords, how often they are re-used, how often they are changed, and many other factors.
Most people use the same password for multiple sites despite countless warnings
One of the best ways to keep passwords secure is to use different passwords for each website or service that you use. Unfortunately, an astounding 83.15% of respondents said they use the same password for multiple sites. As shown in Figure 1 below, a small but shocking amount of users, 2.20%, said they use the same password for every single website.
Surprisingly, it's rather easy (and careless) to utilize the same password for all your sites. Also, surprising, it's an easy task to implement the use of different and strong passwords for all your sites using an application like our Cyclonis Password Manager (free-of-charge). By using Cyclonis Password Manager, you can generate strong passwords and store them all in a vault for quick access, so you don't become a statistic that failed to secure your accounts and keep access out of the hands of egregious hackers.
Figure 1. Cyclonis Password Security Report survey chart and answer responses on 'How often users use the same password for different websites/online services'
The way we come up with our passwords makes them very easy to guess/hack as well. Cyclonis recommends a random string of letters, numbers, and characters, generated and remembered by the free Cyclonis Password Manager. However, most people employ password picking techniques that are a lot less random, as demonstrated below and in Figure 2 chart.
- 34% of respondents admitted to using their pets' name to come up with their passwords.
- 33% use simple number combinations (12345, 1111, etc.) for their passwords.
- 29% use a very common word and just add a "1" or "!" at the end to satisfy the requirements of the website.
- Only 16.85% of respondents use a random password generator.
- Other common sources for passwords include birthdays, favorite school mascots, and names or numbers of favorite athletes.
Figure 2. Cyclonis Password Security Report chart for most popular password-picking techniques.
Once passwords are selected, far too many people hold onto them for longer than they should as shown in Figure 3 below. Cyclonis recommends users change their passwords every 90 days, but that rarely happens. One third of people surveyed either never change their passwords, or only change them when they've been notified that they have to because of a security breach or they forgot the password. The longer a password remains unchanged, the greater risk of it being compromised. Moreover, when so many people use the same password on multiple sites, the risk grows even greater.
Changing passwords often should be routine but isn't
Figure 3. Cyclonis Password Security Report survey chart for how often users change passwords for websites/online services they use most often.
Part of that last category – changing your password when you forget it – has become an annoying fact of our digital lives. How many times have you tried to enter multiple passwords on a website without getting in? "Is this the one where the first letter is capitalized and I have to add a '!' at the end, or is this the one where I started with a '$' and used all caps?" As more online services require passwords, it will be harder and harder to simply remember them all. The Cyclonis survey found that half of the respondents forget their passwords four or more times a year. 27.95% of people forget their passwords 10 or more times a year, as shown in Figure 4 below. And a whopping 6.96% forget their passwords 16 or more times a year, according to our Cyclonis Password Security Report's findings as shown in Figure 4 below.
Figure 4. Cyclonis Password Security Report survey chart on how many times in a year do users forget online passwords and have to reset it.
It's no wonder so many people have to reset their passwords so often when you consider how most people store and manage their passwords. More than half in our survey (54.41%), said they keep track of their passwords by simply remembering them. Others store them in an unsecured file on their computer, or write them down on a Post-It note or piece of paper near their computer. 21.61% rely on their web browser to remember their passwords. And only 12.09% use a third party password manager to store their passwords.
How do you handle multiple passwords with security and convenience in mind?
At Cyclonis, we obviously believe the most convenient and most secure way to handle passwords is with our free password manager. Each of the other options mentioned above presents the following potential problems.
- Simply keeping your passwords in your head leads to a lot of re-used and eventually re-set passwords. The majority of the people in our survey had between 11-40 different online services/websites that require passwords. That's way too many to easily remember.
- Having a hard copy of your passwords written on a piece of paper is about as secure as posting your password on your living room window.
- Storing passwords in an unsecured file on your computer poses problems, too. Not only can anyone who has access to your computer find your information, there are malware programs designed to seek out files that have the words "login" and "password" in them.
- A lot of people rely on their web browser to remember passwords. But web browsers are often the targets of hackers and are often the sources of data breaches. Such a method also isn't helpful for the people who like to use multiple web browser products.
To keep track of multiple passwords and generate complex passwords, the free Cyclonis Password Manager works directly in your browser to let you access your multiple passwords and log in to your website accounts automatically. Cyclonis Password Manager stores your data in an AES-256 encrypted vault – you simply need your master password to unlock your vault.