Three out of four online users in the United States and Europe are putting themselves at risk of being hacked due to poor password practices, according to a study released Tuesday by a password management solutions provider.
The study by Keeper Security, based on a survey of 8,000 people in the United States, United Kingdom, France, and Germany, found that 75% of the respondents admitted they don’t adhere to password best practices, while nearly two-thirds (64%) acknowledged they’re using weak passwords or repeat variations of passwords to protect their online accounts.
“In order to analyze people’s personal cybersecurity hygiene, we asked which animal they would identify with in regard to their cybersecurity behaviors,” Darren Guccione, CEO and co-founder of Chicago-based Keeper, explained in a statement.
“With over one in four people describing themselves either as an ostrich burying their head in the sand, careless as a bull in a china shop, or a possum paralyzed with fear, the industry clearly still has much work to do to get more people comfortable with cybersecurity and better protected as a result,” he added.
At first glance, the Keeper report noted, these results may come as a shock, especially to those in the cybersecurity industry who have been touting these simple best practices for years.
However, the report continued, when considering more than one in three people (35%) globally admit to feeling overwhelmed when it comes to taking action to improve their cybersecurity, and one in 10 admit to neglecting password management altogether, the results are much less of a surprise.
Diverse Accounts, Ignorance Yield Poor Password Hygiene
According to information security professionals, various reasons contribute to the low rate of compliance with principles of good password hygiene. “In general, password behaviors are terrible,” maintained John Gilmore, head of research at DeleteMe, a privacy service in Boston that helps users remove their personal information from data broker websites.
“Report after report has shown that less than half of the general public follows every rule for password safety properly,” he added.
“The simple answer to why they don’t is the diversity of accounts that have to be maintained in the modern world,” he said. “Twenty years ago, most people had three of four online accounts. Now they have to manage social media, work, conferencing, learning, and others. Ever since the pandemic hit, the number of accounts people have has exploded.”
Sloppy Hygiene
According to Marcus Scharra, Co-CEO and co-founder of Senhasegura, a provider of privileged access solutions in Sao Paulo, Brazil Ignorance is also a reason for sloppy hygiene. He adds: “There is a lack of cybersecurity awareness, with many individuals unaware of the importance of strong passwords and the risks of weak ones,”>
“Despite all of the information out there on the importance of strong passwords and enabling MFA [multifactor authentication], the average user doesn’t understand why,” added Guy Bauman, CMO and co-Founder of IronVest, an account and identity security company, in New York City.
“They aren’t necessarily aware of the fraud industry, how it works, and how their compromised account logins are being sold for peanuts on the dark web,” he added.
Password Overload
Inconvenience is another factor influencing password management behavior, noted James E. Lee, chief operating officer of the Identity Theft Resource Center, a nonprofit organization devoted to minimizing risk and mitigating the impact of identity compromise and crime, in San Diego, Calif.
Robert Hughes, chief information security officer at RSA, a cybersecurity company in Bedford, Mass., pointed out that the framing of the compliance question to the respondents could have made the situation seem bleaker than the actual reality.
“People have dozens of passwords, so whether they can say they use unique passwords on all accounts might have impacted how some people answered that question,” he added.
“But generally,” he continued, “it’s difficult for users to keep track of their passwords when they’re expected to have a different password for every application they use. “
“Without using a password manager,” he added. “I’d say that I can’t believe that anyone really has unique, strong passwords everywhere.”
Many users fail to follow best password practices due to overwhelming account diversity and a lack of cybersecurity awareness.
