When you think of hackers, you probably think of some spy movie where they come down from the ceiling to steal a computer off of a desk and then whisk it away to their laboratory where they input lines of code to crack the encryption. In reality, hacking is often as simple as learning about a user and then guessing their password or even asking them for it: a process called social engineering.
Humans are the weakest link in information security. You can have state of the art encryption, private servers, and multiple levels of password protected everything, but if your password is 123456 or password, you are the weakest link.
What would happen to your company if there was a major data breach?
Fortunately, there are some fundamental things you can to do if you want your passwords to be secure:
- Change your passwords regularly - at least once a year.
- Don't reuse old passwords - you're going to have to make up a new one every time for every account.
- Use passphrases - a sentence can be easier to remember than random letters and will still be secure.
- Use multi-factor authentication - jumping through multiple hoops increases security.
- Never write down passwords, especially online - if you have trouble remembering multiple passwords, use a secure password manager.
The Reality of Passwords Does Not Reflect the Security Ideals.
Unfortunately, users' actual password habits don't reflect these basic security principles. Over 60% of people admit to using the same password for multiple websites, and even though 1 in 5 Americans experiences a compromise of one or more online accounts, 89% still somehow feel that their password habits are just fine.
Reusing passwords is one of the most difficult habits to break, and it also the one practice that can lead to account compromises most easily. People ages 50 to 64 are the least likely to reuse old passwords; only 56% admit to reusing old passwords or using the same password for multiple accounts.
Perhaps what is most shocking is that digital natives between the ages of 18 and 24 are the most likely to reuse old passwords; 76%, a shocking majority, admit to using the same password multiple times.
What's the problem with using the same password on multiple accounts? If a hacker's social engineering conquest is successful and they can get your password to one account, chances are they are going to try those login credentials across multiple sites to see what else they can gain access to.
Still think it's a good idea to have your Facebook login the same as your online banking login?
Users Have a Lot of Passwords to Keep Track of
Keeping track of passwords isn't easy. Seventy percent of people report having more than ten password-protected accounts, and 30% report having too many password protected accounts to count. If you have too many accounts to count, what are the chances you're regularly changing those passwords with secure, unique passwords?
It's not looking good, is it? Would it surprise you to learn that the average email address in the United States is associated with 130 password-protected accounts?
When you take into account the sheer number of passwords you are expected to remember, it's easy to understand why so many people choose to take shortcuts. Almost 40% of people admit to writing their passwords down on a piece of paper, which isn't exactly a great idea.
Another 10% admit to keeping them in a plain-text file on their computer, 7% admit to keeping them in plain text in a Dropbox or other cloud-based file, and only 28% say they are using a secure password manager to keep all those passwords straight.
Many Users Are on the Right Track
Those almost 30% of people using a secure password manager are on the right track. So are the 70% of folks who update their passwords at least once a year. Also worthy of praise are the 56% of folks using complex passwords or passphrases; currently only about 6% of people are creating passwords that are a single, short word. People ages 25 to 34 are leading the way with complex passwords; 67% use very complex passwords, while 30% use somewhat complex passwords.
More than two-thirds of users are more concerned with security than with convenience. If these trends continue, there's a good likelihood that password habits will continue to strengthen into the future, and user-end security will be impacted positively.
Learn more about password habits by generation from this infographic from Digital Guardian. Are you using any of these unsecured password habits? It's time to do a password hygiene audit to see if you are the weakest link in your own security.