Nigel Thorpe, Technical Director
Mistakes humans make with data – Mistake #4: Vulnerable passwords
14 Dec, 2020
Why are we still talking about passwords?
The third Psychology of Passwords report from LastPass by LogMeIn reveals that people still aren’t protecting themselves from basic cybersecurity risks by using strong passwords, despite knowing they should. It found that, despite year-on-year heightened global awareness of hacking and data breaches, consumer password behaviours remain largely unchanged.
Its data shows that 91% of people know using the same password on multiple accounts is a security risk, yet 66% continue to use the same password anyway. With people now spending more time online, the evolution of cybersecurity threats, coupled with this unchanged behaviour in creating and managing passwords, is fuelling a new level of concern around online security.
Same old, same old
For many, password behaviour has remained largely unchanged. This includes using weak passwords such as the name of a pet or child and not changing passwords regularly, despite being aware of breaches happening for these very reasons. And while most of us also know that using the same password for multiple accounts is a security risk, way over half of us mostly or always use the same ones.
It appears that fear of forgetting passwords is the number one reason for people not wanting to update or change them and, as most of us get sick and tired of writing down multiple passwords and then having to reset them when we lose the piece of paper, it is understandable.
There is another way
We no longer have to rely on passwords. Password managers mean we just have to remember one strong password, and multifactor authentication (MFA) is now widely used for personal accounts as well as at work. Other forms of authentication, such as using a fingerprint or face to log in to devices and accounts, are also becoming more common and more trusted.
With cyber threats facing consumers at an all-time high, coupled with the pandemic’s impact on home working, it is worrying that individuals seem to be numb to the threats that weak passwords pose. Just taking a few simple steps to improve how you manage them can lead to increased safety, both personally and professionally.
No matter how strict the password rules are, at some point a ‘bad guy’ is going to breach someone’s account. Making this difficult is very important, but so is recognising that user accounts will get compromised. In that case, data should be encrypted so that, if stolen, it will be useless.