Password Security: People Know What They Are Doing is Risky But Do it Anyway
A global survey of 3,250 respondents has shown that 66% "always or mostly use the same password or a variation", even though 91% know it's risky.
The over-riding theme uncovered in the "Psychology of Passwords: The Online Behavior That’s Putting You at Risk" report is that people know what they are doing could jeopardise their cyber security, but do it anyway.
"Most people believe they are knowledgeable about the risks of poor password security," stated the researchers. "However, they are not using that knowledge to protect themselves from cyber threats."
Despite 80% of respondents agreeing that having their passwords compromised is something they're concerned about, it seems that many of them have taken the 'it won't happen to me' approach to cyber security:
- 42% say that having a password that's easy to remember is more important than one that is very secure
- 53% haven't changed their password in the last 12 months, even after hearing about a breach in the news
- 48% said if it’s not required, they never change their password
This lax approach to password security could be put down to the fact that many people don’t realise how much of 'them' is online. The survey revealed that more than 70% of people believe they had anywhere up to 20 accounts online, whereas this figure is closer to 40.
"Each online account is a vulnerability point that can be breached, and people don’t realize how many points of entry hackers have to their lives," stated researchers.
People are also unaware of the value of their online information, and 42% of respondents believed their accounts "aren’t valuable enough to be worth a hacker’s time."
Individually, this might be true, but hundreds of thousands of pieces of data e.g. credit card numbers, being sold en masse on the dark web amounts to big bucks. And if information (of yours) is stolen from one site it might - if the password security stats are to be believed - give hackers access to many other of your sites and even those of others.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
