Poor password behaviour still rife online, according to popular password manager vendor

Lastpass, a password management company used by millions online, has revealed the numbers behind the naïve password behaviour which still plagues internet use. 

In a study into the psychology of password behaviour, it was found that 65 percent of those surveyed re-use passwords across accounts. More worryingly, the study of 3,750 people revealed that 45 percent did not change their passwords in the past year even after a breach had occurred. 

These numbers come despite the fact that 92 percent realise that using the same password or a variation is a risk and 79 percent of respondents agree that compromised passwords are concerning. 

The risk with not using unique passwords is that one stolen password gives a hacker opportunity to access many accounts. When asked to justify why they reuse passwords, 68 percent said it was because they are afraid of forgetting them. 

Regarding the specific types of accounts users hold online, only 68 percent said they would create stronger passwords for financial accounts; 49 percent said they would for email accounts; 39 percent for work-related accounts and just 31 percent for medical records. 

Another concerning statistic which emerged from the study was that a mere 8 percent of people believe a strong password should not have ties to personal information. As a result, the vast majority of users are likely to create password that include information relating to public data, such as birthdays and addresses.  

Although there may be signs of some improvement in online security practices – 76 percent claim to use multi-factor authentication for both work and personal use (a 10 percent increase on last year) – there are also concerning rises in other areas. For example, the past year saw a 5 percent increase (up to 20 percent) in the number of people who shared photos of their pets with their names and then proceeded to use their names in passwords. 

Increased remote working since the pandemic brought with it added security challenges. However, the study by Lastpass revealed that 47 percent did not change their online security habits since working remotely, and 46 percent did not change their passwords. 

“With ever-expanding digital lives and lack of cybersecurity support, a combination of habits, emotions and lack of urgency keep people from changing their online behaviours,” said the company. 

They recommend a password which uses “nonsensical phrases peppered with numbers and symbols as opposed to individual words” which makes them “longer, stronger, and easier to remember while also making them more difficult for hackers to crack.” 

Good password behaviour should consist of: 

• Unique passwords 
• Nonsensical combinations of characters 
• Multi-factor authentication 
• Updating passwords after a breach 

With society more reliant on online use than ever, the importance of practicing good password behaviour is critical.