Three out of four online users in the United States and Europe are leaving themselves vulnerable to hacking due to their poor password practices, warns a new study released by Keeper Security, a leading password management solutions provider. The study, based on a survey of 8,000 individuals from the United States, United Kingdom, France, and Germany, revealed that 75% of respondents admitted to neglecting password best practices. Furthermore, nearly two-thirds (64%) acknowledged their use of weak passwords or repetitive variations to secure their online accounts.
Darren Guccione, CEO and co-founder of Keeper, based in Chicago, explained the significance of the study’s findings, stating, “To assess people’s personal cybersecurity hygiene, we asked them to identify an animal that reflects their cybersecurity behaviors.” He added, “Over a quarter of participants described themselves as either an ostrich burying their head in the sand, careless as a bull in a china shop, or a possum paralyzed with fear. These results clearly indicate that there is still much work to be done in the industry to make people more comfortable with cybersecurity and better protected as a result.”
The Keeper report observed that, at first glance, these results might come as a shock, especially to cybersecurity professionals who have been advocating for these basic best practices for years. However, the report continued, the results become less surprising when considering that, globally, more than one in three people (35%) feel overwhelmed when it comes to improving their cybersecurity, and one in 10 individuals neglect password management altogether.
According to experts in information security, multiple factors contribute to the low compliance rate with good password hygiene. John Gilmore, head of research at DeleteMe, a privacy service in Boston, stated, “In general, password behaviors are terrible. Numerous reports have consistently shown that less than half of the general public adheres to every rule for password safety.” He attributed this phenomenon to the increased diversity of online accounts that individuals must manage in today’s digital age. “Twenty years ago, most people had only three or four online accounts. Now they have to handle social media, work, conferencing, learning, and other accounts. Since the onset of the pandemic, the number of accounts people have has skyrocketed.”
Ignorance also plays a significant role in the lack of password hygiene. Marcus Scharra, Co-CEO and co-founder of Senhasegura, a privileged access solutions provider in Sao Paulo, Brazil, highlighted the lack of cybersecurity awareness among individuals. He stated, “Many individuals are unaware of the importance of strong passwords and the risks associated with weak ones.” Guy Bauman, CMO and co-founder of IronVest, an account and identity security company in New York City, added, “Despite the abundance of information available on the significance of strong passwords and enabling multifactor authentication, the average user lacks understanding. They are not necessarily aware of the fraud industry, how it operates, and how their compromised account logins are sold for minimal sums on the dark web.”
The inconvenience of managing numerous passwords also contributes to poor password management behavior. James E. Lee, the chief operating officer of the Identity Theft Resource Center, a nonprofit organization in San Diego, California, dedicated to minimizing identity compromise and crime, explained, “Individuals are trying to keep track of nearly 100 different passwords in many cases. It is simply impossible for an individual to remember all of them.” Robert Hughes, the chief information security officer at RSA, a cybersecurity company in Bedford, Massachusetts, pointed out that the wording of the compliance question posed to respondents could have made the situation seem bleaker than reality. He said, “Considering that people have dozens of passwords, whether they can claim to use unique passwords for all accounts might have affected how some individuals answered that question. But generally, it is difficult for users to remember their passwords when they are expected to have a different password for each application they use. Without using a password manager, I find it hard to believe that anyone truly has unique, strong passwords for everything.”
Using a password manager is an ideal solution for users to protect themselves, emphasized Craig Lurey, CTO and co-founder of Keeper. He highlighted the benefits, stating, “By creating and storing strong and unique passwords for all digital accounts, a password manager can offer protection against phishing attacks and malicious links. It will not autofill credentials if the URL does not match what is stored in the user’s vault.” Lurey added, “A password manager can also be combined with dark web monitoring, allowing users to stay informed about any compromised account information and take immediate action if necessary.”
The study by Keeper also revealed that over one-third of respondents (36%) believed that all their passwords were well-managed. However, among those who held this perception, only one in three followed the best practice advice of using strong and unique passwords for all their accounts. This disparity suggests that those surveyed either remain unaware of good password practices or are overly confident in their cybersecurity. Marcus Scharra suggested two factors contributing to this disconnect between perceived and actual secure password management. He explained, “Users may lack visibility into password security practices and may not have access to tools or feedback on the risks of password reuse. As a result, they assume that their current practices are sufficient. Additionally, some users may overestimate their password management abilities, believing that reusing passwords or making slight variations is secure enough.”
While there is no shortage of cybersecurity advice available, the survey conducted by Keeper revealed that more than a third of individuals worldwide find the overwhelming amount of information on the subject difficult to navigate. The report concluded, “Although respondents tell us that they believe strong passwords are the best way to achieve personal cybersecurity, the majority fail to implement industry-recommended password protection practices in their daily lives.” Keeper stressed the need to bridge this gap and to improve cybersecurity awareness and practices among the general public.