WEB USERS FULLY AWARE WHAT MAKES A STRONG PASSWORD BUT USE WEAK ONES ANYWAY
Nearly all web users know how to create strong passwords, but most are still reusing weak words and phrases, according to a report.
A survey by LastPass found that while 95 per cent recognise the characteristics of strong passwords, 47 per cent still use their initials or the names of their friends or family, 42 per cent use significant dates and numbers and 26 per cent use pet names.
Although these may seem hard to crack, this information is often available through social media and common variants are among the first guesses hackers will make.
Meanwhile, 91 per cent of users know the dangers of reusing passwords – as highlighted by recent high-profile data breaches – but 61 per cent continue to do so.
29 per cent of those questioned said they change their passwords for security reasons, although the most common reason for a change was having forgotten the current one.
And worryingly for businesses, 39 per cent of respondents said they create more secure passwords for their personal accounts than their work accounts.
The researchers identified two personality types that lead to bad passwords.
Type A behaviour emphasises a need to be in control. They believe their personal systems put them at less risk, reuse their passwords so they can remember them and are proactive to help keep personal information secure against cyber threats.
Type B personalities rationalise their bad behaviour by convincing themselves their accounts are of little value to hackers. 45 per cent think they are not worth a hacker’s time, and 43 per cent choose easy-to-remember passwords over secure ones.
“Developing poor password habits is a universal problem affecting users of any age, gender or personality type,” said Joe Siegrist, vice president and general manager at LastPass.
“Most users admit to understanding the risks but continue to repeat the behaviour despite knowing they’re leaving sensitive information vulnerable to potential hackers.
“In order to establish more effective defences, we need to better understand why individuals act a certain way online and a system that makes it easier for the average user to better manage their password behaviour.”