How password neglect is helping hackers win

It’s no secret that the cybersecurity landscape has been marred by breach after breach over the last few years. From large companies, like Equifax and Uber – and most recently British Airways – to smaller companies and even individuals, it’s been hard to ignore the fact that our data is being compromised left, right and centre. The average person, who previously had no knowledge of or interest in data security, is now finding themselves bombarded by headlines condemning the latest high-profile organisation to become a victim of data theft.

And unfortunately, if passwords and email addresses are stolen in one breach, any other online account where you’ve reused the same combination is at risk. Our digital selves are very much at risk, but are we taking the necessary steps to keep them secure?

Behavioural barriers

If the sheer scale of data breaches alone isn’t enough, recent research has confirmed that even though people are aware they need to do more to protect their accounts, they’re still not taking the necessary action to follow through. Even though we know the dangers, our password behaviour still isn’t improving.  

This is a human trait that’s not just limited to passwords. For example, we all know we should eat five portions of fruit and veg a day, drink eight glasses of water, or floss our teeth regularly, but does everyone do so? Unlikely. And the same idea applies to our digital worlds – despite the clear risks, the majority of people aren’t taking their online security seriously. This is shown by the fact that 91% of people recognise that using the same or similar passwords for multiple logins is a security risk, yet over half (58%) mostly or always use the same password or a variation of the same password.

There are a number of reasons behind this lax password security, including habit, fear of forgetting a password, and simply having too many accounts to memorise. But the overarching theme is that users will do what’s most convenient and feels natural, even if that means putting their personal data at risk.  

Convenience calls

When it comes to passwords, having to memorise multiple unique, complex passwords – all containing special characters, capital letters and numbers – and then change them frequently, just isn’t natural behaviour.

This is particularly true given that the average user today has nearly 200 online accounts. You’d have to be a genius to remember separate passwords for all of them, especially those accounts you don’t use regularly, or that are still active but haven’t been used in years – MySpace anyone? The result is that users cut corners at the expense of their own security.

To overcome this problem, password management has to be made as easy and convenient as possible for users in order to elicit a change in behaviour. And thankfully, by using password manager tools that do all the hard work for you, it’s not hard to keep your passwords and online life safe and easily accessible.  

Until users recognise how simple the process of managing several different, complex passwords can be with the right tool, the hackers will always have the upper hand.

Rachael Stockton, Director of Identity and Access Technologies at LastPass
