Report: Only 55% of users would change password if they were hacked

A recent study found that 91% of people know using the same password for multiple accounts is wrong but 59% do it anyway.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • 59% of people use the same passwords for work and personal accounts, despite the risk it presents. — LastPass, 2018
  • 90% of people said they thought their online accounts were at risk of being hacked regardless of the strength of their password. — LastPass, 2018

Many of us are guilty of using the same password for multiple accounts online, or keeping the same password for years without changing it. Even though we know how unsafe this is, for convenience, we do it anyway. A recent survey commissioned by password management website LastPass confirms the paradoxical views many people have about passwords and highlights alarming trends in personal online security.

According to the study, 5 million records are breached daily, yet few people proactively change their passwords or create passwords that would be difficult for hackers to break. The survey reminds readers that, on average, it takes organizations 66 days to contain a breach and 161 days just to identify that one has even occurred.

"The cyber threats facing consumers and businesses are becoming more targeted and successful, yet there remains a clear disconnect in users' password beliefs and their willingness to take action," Sandor Palfy, CTO of Identity and Access Management of LastPass parent company LogMeIn, said in a press release. "Individuals seem to understand password best practices, but often exhibit password behaviors that can expose their information to threat actors. Taking a few simple steps to improve how you manage passwords can lead to increased safety for online accounts whether personal or professional."

The survey received responses from 2,000 people in the US, UK, Germany, France, and Australia, most of whom were between the ages of 35 and 54. Almost 80% of those surveyed said they had between 1 and 20 online accounts with passwords. But LastPass examined data from its own services and found that people often underestimate just how many online accounts they have. According to its Password Expose, the average employee using LastPass has to keep track of 191 passwords. Nearly 40% of those surveyed said they would never change their password if they didn't have to.

More than 90% of respondents said they understood that it was risky to use the same password for multiple accounts, yet 59% still almost always used the same password for different accounts. Nearly 50% said there was no difference between the passwords they used for work accounts and those used for personal accounts, while only 55% of people said they would change their password if they knew they were hacked.

An alarming number of people thought they were immune to the problem, with 51% of people surveyed saying they did not think hackers could figure out their password. Over 20% did not believe there was a problem with using the same or similar passwords for multiple accounts, and 61% of people chalked their refusal to change passwords up to worrying about forgetting their login information.

Only 38% of those surveyed said they changed their passwords every few months, and most only did so because they were forced to or because they forgot them.

The survey discusses, at length, the disconnect between some of the answers to the survey, highlighting the fact that most participants said they understood the need for strong passwords and valued their online security highly, but were apathetic about what measures they could take to protect themselves. Password security was a "serious matter" for 92% of those surveyed and 88% said hacking is a global threat. On the other hand, 90% said accounts are at risk regardless of password strength and 87% told LastPass that they thought factors other than passwords would compromise their online security.

Surprisingly, millennials were less concerned about online safety than baby boomers, who expressed more concern over password security and being hacked than their younger peers, 44% of whom believe their accounts are not valuable enough to be targeted by hackers. Almost 70% of millennials use a variation of one or two passwords so that they can remember them easily.

Globally, Germany leads the way in protecting its citizens and forcing people to update passwords frequently. More than 80% of Germans put thought into their passwords, as 72% said they preferred a "secure" password over an easy-to-remember one, and 60% created separate passwords for all work accounts.

The US and Australia were the most proactive in response to a hack, with 60% of respondents updating their passwords in the event of a breach. France was very concerned about the risks associated with password management, yet 34% said talk of password protection was overblown.

About Jonathan Greig

Jonathan Greig is a freelance journalist based in New York City. He recently returned to the United States after reporting from South Africa, Jordan, and Cambodia since 2013.
