A NordPass survey explores how people manage passwords and found forgetting one is as anxiety-inducing as losing a wallet.
Cybersecurity, starting with passwords, is challenging for most. In a recent study by NordPass, data breach and identity theft were among the most stress-inducing, and 76% of respondents compared, without hyperbole, a data breach to such life-changing events as personal injury, illness, and a financial problem.
The NordPass study, which anonymously surveyed 700 people across the US, also indicated that 80% of respondents compared identity theft to having personal documents stolen or the loss of a wallet.
It could be argued that "I can't remember my password" is as commonly heard as "I love you." NordPass revealed that the capacity to remember all passwords is extremely stressful, with 67% percent of those polled equating the loss of a password with dismissal from work.
SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)
And many of the questions posed are relatable. Some are reluctant to use the suggested, super long password a device automatically chooses; there is a fear that if you need to clear your cache, what if it clears your saved passwords? Forty-one percent of people say they "can't remember which password is for which account," and 38% "can't remember because they use unique ones for each account.
And with different passwords for computers, tables, iPads, phones, apps, programs, and websites, it's challenging to remember them all. The universal problem of password memorization is difficult, and 66% of people polled said in the report that "they simply have too many accounts to manage."
It isn't surprising, "that people struggle with effective password hygiene," said NordPass' security expert Chad Hammond.
The study revealed that seven of 10 polled have more than 10 password-protected personal accounts, and two out of 10 have more than 50 personal password-protected accounts; "add all work and school-related accounts and it ends up being a huge amount of information," Hammond said.
More than 30% of people think that resetting and coping with passwords is hugely stressful, and comparable to the stress of retirement.
Accounts are like snowflakes
Respondents don't believe all accounts are created equally—some accounts are more important than others. For example, 82% of the people polled "think it would be very harmful if their bank accounts get hacked," while 73% agree that having their personal email hacked "would be extremely damaging," and 71% feel similarly in regards to large online store (eBay, Amazon, and more) accounts.
People are less concerned about other types of password-protected accounts, and 45% stated that if a fitness app or an online forum such as Reddit or Medium is hacked it would be harmful.
"People tend to worry about financial accounts more," Hammond said. "But it's important to remember that if you use weak or repurposed passwords, it doesn't matter which account gets hacked. In essence, all accounts become jeopardized."
Password hygiene is sorely lacking
Even the most critical accounts are left insufficiently secured, the survey found. For example, only 53% use a unique password to protect banking and other financial accounts. Only 46% protect their personal email account with a unique password.
NordPassed found 22% of respondents had been victims of cybercrime. Out of all victims, 57% consider themselves tech savvy, with 48% falling between the ages of 25 and 44, 15% are business owners, 12% are managing directors.
Hammond observed: "We started seeing a pattern when comparing the data of cybercrime victims and those who have never fallen prey. People who have been hacked tend to have more password-protected accounts. They're also more ready to admit it's extremely challenging to manage them."
Victims of cybercrimes have a different attitude toward passwords. "Victims become more concerned about their email, forums or entertainment, communication, health apps' accounts," Hammond said. "They also acknowledge the necessity of strong passwords for these accounts more often. However, they don't seem to take any action. Victims of cybercrime don't tend to secure their accounts with unique passwords more often than those who haven't experienced cybercrime."
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Windows 10 security: A guide for business leaders (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)