Exclusive: most people still reuse their passwords despite years of hacking
The results are in for our exclusive password manager research in collaboration with OnePulse, and we discovered a few surprises.
As we all accumulate an increasing number of digital accounts, password protection is more important than ever. With the arrival of password generators and multi-factor authentication, efforts are being made to make our online world both safer and more convenient.
However, it seems that, for whatever reason, many people are still not fully on board and are stuck with the old ways of password management.
The results
In a hardly surprising response, more than 60% said they reuse passwords for multiple accounts. Most did this because they couldn’t be bothered to remember several (40%), while others didn’t feel they were in danger of being hacked (27%). Only 33% said they did not reuse passwords.
Despite the ease with which password generators can be used in today’s online world, a whopping 65% chose to make their own passwords. Perhaps they are not aware of generators, or do not trust them; or maybe they’re worried that if they lose access to their saved passwords, they’ll be locked out of their accounts because the passwords are too complex to remember.
Whatever the reasons, it was the clearest result in our study. Perhaps we shouldn’t be too surprised, since most people don’t use password managers either.
Of those who did use a generator, most used the one integrated with their browser (15%), while others used an online generator (13%) and only a small minority used a generator from another source (6%).
People’s diligence seemed to vary when it came to crossovers between work and personal passwords: 34% said they don’t share multiple passwords between the two, and 30% said they sometimes do. About 20% each said they often or always did.
Password advice
One of the foremost experts on good password practices is Bill Burr, who wrote an influential manual on the subject in 2003, published by the US National Institute of Standards and Technology (NIST). It praised the virtues of creating passwords that are as random as possible and changed regularly. Many websites then demanded passwords based on his criteria.
The problem is that in practice, as people accumulated more and more accounts, they naturally resorted to more simplistic passwords. They’d only tweak them a little bit: if you put the number 1 at the end of your password for one login, you’d probably pick 2 for another, and so on.
Bill Burr regretted his first advice. Experts now recommend that when you create your own password, it’s better to use a random but memorable string of three words. According to analysis, such passwords are much harder to crack than those that use a single word with a combination of numbers and special characters, and are also easier to remember.