Same-Password Curse: Users Hesitate to Strengthen Passwords, Yet Fear Hackers

Consumers are reluctant to protect their accounts with multiple strong passwords, yet they worry weak ones will leave them vulnerable to hackers, multiple studies show.

Out of a lack of awareness or a lack of education on security measures, users are not taking the steps needed to decrease online risks.


Some 44% of US consumers use the same password for multiple online accounts, and 39% have checked their financial data online on public networks, according to MasterCard’s Emotion of Safety & Security Survey.

Only 30% of US consumers are confident their passwords will protect their online accounts. Meanwhile, consumers have an average of 24 online accounts, but use only six unique passwords to protect them. Nearly three quarters of the accounts use duplicate passwords, according to the Consumer Account Security Report, a study conducted by Qualtrics and SSI. Consumers also rarely change their passwords: almost half (47%) use a password that hasn’t been changed in five or more years, and 77% use a password that is at least a year old.

The 10 most used passwords worldwide in 2014 are easily guessable: 1. 123456; 2. Password; 3. 12345; 4. 12345678; 5. Qwerty; 6. 123456789; 7. 1234; 8. Baseball; 9. Dragon; 10. Football. In 2014, the top 10 passwords represented about 1% of passwords exposed, according to Splash Data. Passwords composed of numbers alone, especially sequences, should be avoided.

Websites now require stronger passwords or combinations of letters and numbers to enhance security and avoid hacks.

According to Microsoft, a strong password:

  • is at least eight characters long.
  • does not contain your user name, real name, or company name.
  • does not contain a complete word.
  • is significantly different from previous passwords.
  • contains uppercase letters, lowercase letters, numbers and symbols found on the keyboard.
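The criteria above can be checked mechanically at sign-up or password change. The following is an added example, not code from Microsoft or from this article; the function name `check_password`, the small `SAMPLE_WORDS` set and the 0.6 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# The ten most-used passwords of 2014 as listed in the article (lowercased).
TOP_10_2014 = {"123456", "password", "12345", "12345678", "qwerty",
               "123456789", "1234", "baseball", "dragon", "football"}

# Constructed stand-in for a dictionary; a deployment would load a full word list.
SAMPLE_WORDS = {"password", "baseball", "dragon", "football", "birthday",
                "december", "badminton", "welcome", "summer"}

CLASSES = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9\s]"}


def check_password(password, identity=(), previous=(), max_similarity=0.6):
    """Return the list of criteria the password fails (empty list = passes).

    identity: user name, real name and company name strings.
    previous: earlier passwords; max_similarity is an assumed threshold for
    'significantly different' (the article gives no number).
    """
    failures = []
    lowered = password.lower()
    if len(password) < 8:
        failures.append("shorter than eight characters")
    if lowered in TOP_10_2014:
        failures.append("on the 2014 most-used list")
    # Split names on whitespace so "Ana Pop" also catches "ana" or "pop".
    parts = [p for name in identity for p in name.lower().split() if len(p) >= 3]
    if any(p in lowered for p in parts):
        failures.append("contains user, real or company name")
    if any(w in lowered for w in SAMPLE_WORDS):
        failures.append("contains a complete word")
    if any(SequenceMatcher(None, lowered, old.lower()).ratio() > max_similarity
           for old in previous):
        failures.append("too similar to a previous password")
    missing = [n for n, rx in CLASSES.items() if not re.search(rx, password)]
    if missing:
        failures.append("missing character classes: " + ", ".join(missing))
    return failures
```

Returning every failed criterion, rather than a single pass/fail flag, lets a sign-up form tell the user exactly what to change.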

Remember your strong password by following these tips:

  • Create an acronym from an easy-to-remember piece of information. For example, pick a phrase that is meaningful to you, such as My son’s birthday is 12 December, 2004. Using that phrase as your guide, you might use Msbi12/Dec,4 for your password.
  • Substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase. For example, My son’s birthday is 12 December, 2004 could become Mi$un’s Brthd8iz 12124 (it’s OK to use spaces in your password).
  • Relate your password to a favorite hobby or sport. For example, I love to play badminton could become ILuv2PlayB@dm1nt()n.

61% of consumers have not enabled two-factor authentication for any online accounts. Here is a simple guide that helps you enable this feature.

About the author

Răzvan MUREȘAN

Former business journalist, Razvan is passionate about supporting SMEs in building communities and exchanging knowledge on entrepreneurship. He enjoys taking innovative approaches to hot topics and thinks that the massive amount of information that attacks us on a daily basis via TV and internet makes us even less informed than we think. Lack of relevance is the main issue in today’s environment, so he plans to emphasize real news on hotforsecurity.com.

1 Comment


  • Most of my passwords are not in English. I add a number that is significant to me and encrypt it, (it’s only cubed…but it would be hard to know that) so only I know what the number is and how I got it, along with various symbols and/or made up words that have significant meanings.
    I store a passwords file on a USB stick, in case I ever forget, and its file name is not in English.