Google: Most people still have terrible password habits

Celebrate Cybersecurity Awareness Month by turning on two-factor authentication and replacing your "fido123" password.

5 reasons you should be using a Password Manager Need a reason to use a password manager? How about five?

It feels like a personality test that will reveal your deepest traits. There are two questions to this quiz:

  1. Do you share your Facebook/Netflix/Amazon passwords with a significant other?

  2. Do you change your password if you break up with that significant other?

According to a new survey by Google and Harris Poll, among people who share their passwords, only 11% report changing their password after a breakup. 

SEE: <strong>Two-factor authentication: A cheat sheet (free PDF)</strong>  (TechRepublic)

Even among people who don't share their passwords with other people, Americans are pretty lax about security. Only 37% use two-factor authentication and only 34% change their passwords regularly. People who use password managers are the minority at 15%. The "United States of Passwords" poll of 3,419 US adults asked about password habits and online security.

Fifty-five percent of people surveyed said wouldn't even bother to change their passwords following a data breach. Given these dismal stats, Google is trying a new approach to encourage better password habits.

The Password Checkup tool, released in February warns a user if the username and password that they're using was stolen in a data breach. The extension then prompts the user to change their password if needed.

Google is building on this technology to make it more accessible for all users.

Beginning today, Google is integrating the Password Checkup into the Google Account's password manager. It automatically checks all saved passwords for security issues and displays them in 3 categories:

  • Passwords that have been compromised in a known third-party data breach. Somebody else has the username and password and can log into your account.
  • Passwords that are being reused across different sites. If someone gets your reused password, they can use it to sign into your other accounts as well.
  • Passwords that are considered weak and should be changed. Weak passwords can be easily guessed by attackers.  

Then the user can update or change any at-risk passwords.

Later this year, Google will integrate this same technology into Chrome. If a username and password has been compromised in a known data breach, Google will show an automatic warning and suggest that the user change his or her password.

It's National Cybersecurity Awareness Month - what better time to update your own passwords and your security habits. The U.S. Department of Homeland Security and the National Cyber Security Alliance launched the first awareness month back in 2004. This year's theme is "Own IT. Secure IT. Protect IT."  

If you don't have any festivities on your calendar to mark this awareness month, you can watch the Data Privacy Day conversations that covered new laws, the cloud, and developing technologies or sign up to become a NCSAM champion to encourage personal responsibility and proactive behavior to protect digital privacy.

screen-shot-2019-09-30-at-2-33-18-pm.png

Image: Google/Harris Poll, "United States of Passwords" survey, October 2019