Poor Password Practices: An Alarming Concern
- October 9, 2023
- 7:58 am
Cyber risk is rising at an alarming rate. The latest technologies keep us connected and bring boundless possibilities, but they also open doors to cyber risk and cybersecurity threats. One of the main loopholes that hackers exploit is weak passwords and poor password practices.
This article will shed light on the prevalence of inadequate password practices among individuals, emphasizing the significance of this issue and providing guidance on implementing proper security measures.
A study by a password management solutions provider recently declared that almost 75% of Americans and Europeans are jeopardizing their privacy and cyber safety due to poor password practices.
A survey of 8,000 people revealed that nearly 6,000 respondents (75%) stated that they do not comply with the best password practices. Meanwhile, nearly 64% of the respondents use weak passwords and repeat variations of passwords to protect their online accounts. The study was conducted by Keeper Security in the United States, the United Kingdom, France, and Germany.
In a statement, Darren Guccione, the CEO and co-founder of Keeper, based in Chicago, said, “To analyze people’s personal cybersecurity hygiene, we asked which animal they would identify with regarding their cybersecurity behaviors.”
The results he shared were astonishing. Nearly 25% of people described themselves as an ostrich burying their head in the sand, careless as a bull in a china shop, or a possum paralyzed with fear. Based on these results, he mentioned that the industry has a long way to go to ensure that people get comfortable with cybersecurity and are protected better.
The results of the survey could come as a shock to a lot of people, especially those in the cybersecurity industry, who have been trumpeting these practices for years.
Further into the report, it becomes apparent that over one-third of respondents globally feel too overwhelmed to take action to improve their cybersecurity. It also highlights that around 10% of the respondents admitted that they neglect password management altogether. These findings came as a shock to us, as they show people taking such a huge obstacle so lightly.
From Ignorance to Vulnerability
John Gilmore, head of research for a privacy service in Boston named DeleteMe, exclaimed that password behaviors in general are terrible worldwide. In one of his comments to TechNewsWorld, he stated, “Report after report has shown that less than half of the general public follows every rule for password safety properly.”
According to information security professionals, various reasons contribute to the low rate of people adhering to good password practices. One of the flags that John raised was the sheer number of accounts people now open. He added that around twenty years ago, a majority of people had over three to four accounts online. With the advent of the latest technologies, this number has been increasing rapidly over the years. People have to stay updated about everything, be it to maintain an image in society or to grow their business. From social media platforms to work accounts, conferences, and many others, online presence has become the norm.
With the outbreak of COVID-19, the world changed drastically, including how people function daily. It has connected everyone online, whether by choice or not. The number of accounts people own has exploded like never before.
Another key reason for non-compliance with good password practices is ignorance. Marcus Scharra, co-CEO and co-founder of Senhasegura, a provider of privileged access solutions in Sao Paulo, Brazil, told TechNewsWorld, “There is a lack of cybersecurity awareness, with many individuals unaware of the importance of strong passwords and the risks of weak ones.”
Guy Bauman, CMO and co-founder of IronVest, an account and identity security company in New York City, added to Marcus’s comment, saying that the average user does not understand the importance of strong password practices, even though everyone has been reminded time and again of the importance of enabling multi-factor authentication. Even when users are aware of its importance, they do not take it seriously enough, because they do not fully understand the fraud industry, how it functions, and how they are compromising their privacy and exposing themselves to hacking and other cyber threats.
James E. Lee is the Chief Operating Officer of the Identity Theft Resource Centre, a nonprofit organization headquartered in San Diego, California, that is dedicated to reducing risk and alleviating the consequences of identity compromise and crime. In one of his comments to TechNewsWorld, he highlighted inconvenience as another key factor behind poor password practices.
He added that in many cases people have up to 100 different passwords, which they struggle to juggle and manage. With so many passwords to manage, it is next to impossible to remember all of them, let alone stay secure from cyber risks.
Robert Hughes, who serves as the Chief Information Security Officer at RSA, a cybersecurity firm located in Bedford, Massachusetts, noted that the way the compliance question was presented to the respondents may have portrayed the situation as more negative than it truly is.
Like James, he pointed out that people have multiple passwords to juggle, so whether they could honestly say that they use unique passwords on all accounts may have affected how a few of the respondents answered the question.
He also highlighted how it is really difficult for users to keep track of their passwords while having different passwords for every application or platform they use. The key highlight of his comments was, “Without using a password manager, I’d say that I can’t believe that anyone has unique, strong passwords everywhere.”
Analyzing the situation, Craig Lurey, CTO and co-founder of Keeper, mentioned that the ideal way to keep people protected is to use a password manager.
Using a password manager to create and store unique passwords for all digital accounts offers protection against various cyber risks, such as phishing attacks and malicious links, because these managers come with features built to safeguard users. One of the highlights is that a password manager will not fill in credentials if the URL does not match the ones in the user’s vault.
“A password manager can also be paired with dark web monitoring, so users can stay abreast of all account information and act immediately if credentials are compromised,” he commented.
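The URL check described above, sketched as an added example (not Keeper's code or any password manager's actual implementation): credentials are released only when the page's scheme, host and port exactly match a saved entry. The vault entries, URLs and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample vault: saved origin -> username (hypothetical entries).
VAULT = {
    ("https", "accounts.example.com", 443): "alice",
    ("https", "bank.example.net", 443): "alice.b",
}
DEFAULT_PORTS = {"https": 443, "http": 80}


def origin_of(url):
    """Return (scheme, host, port) for a URL, or None if it is unusable."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname   # lowercased; any "user@" prefix is excluded
        port = parts.port       # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not host:
        return None
    try:
        # Compare hosts in ASCII (punycode) form so a Unicode look-alike
        # never equals the saved ASCII name.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return scheme, host, port or DEFAULT_PORTS[scheme]


def credential_for(page_url):
    """Username to autofill on page_url, or None when no saved origin matches."""
    origin = origin_of(page_url)
    return VAULT.get(origin) if origin else None


if __name__ == "__main__":
    pages = [  # constructed test pages
        "https://accounts.example.com/login",               # exact match
        "https://accounts.example.com.login.example.org/",  # saved name used as a subdomain
        "https://accounts.example.com@login.example.org/",  # saved name in the userinfo part
        "http://accounts.example.com/login",                # same host without TLS
        "https://accounts.ex\u0430mple.com/",               # Cyrillic look-alike letter
    ]
    for page in pages:
        print(f"{credential_for(page) or 'no fill':8}  {page}")
```

Only the first page gets a fill; a person reading the address bar can be fooled by the other four, which is why the exact comparison is done by the manager rather than by eye.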
Call for Enhanced Password Management
The study also revealed that nearly 36% of respondents believed they effectively managed all their passwords. However, only a third of them followed the best-suggested practices, which allowed them to use strong and unique passwords for all their accounts.
This disparity indicates that the respondents to the survey are still not fully aware of their poor password practices. They feel that they are safe and sound; meanwhile, they are exposing themselves to cyber risk. It is likely a combination of both factors, the report added.
Scharra highlighted two factors that contribute to the gap between perceived and actual secure password management. Users lack visibility into their poor password protection practices. He noted that one reason for this could be the lack of access to tools or feedback on the risks of password reuse, which misleads users into assuming that the password practices they follow keep them safe.
“Some users may also overestimate their password management abilities, believing that reusing passwords or making slight variations is secure enough,” he added.
When it comes to cybersecurity, there is plenty of advice, tips, and tricks to safeguard oneself from cyber threats. However, the survey indicates that the plethora of information available can overwhelm people around the globe.
While the respondents believe that strong passwords are the single best way to combat cyber risks, the majority of them fail to adopt and follow industry-recommended password practices in their everyday lives.
Despite all the findings and learnings, it is certain that three-fourths of people do not adhere to strong password practices and believe that cybersecurity is easy to understand, while they aren’t aware of how deep this ocean is.
The report concluded by declaring, “Now is the time to bridge that gap.”