While people have realized the pitfalls of password security, about two-thirds continue to use the same password, or some variation of that password, for their accounts. That’s a troubling admission given that the average person has at least 50 online accounts, according to a recent survey.
Research by password security company LastPass found that the issues don’t just affect people, but the organizations they work for as well. Following the pandemic and the shift to remote working, seven in 10 employees worked remotely and made more use of online services, but only 35% of companies forced their employees to update their passwords more regularly, to change their passwords, or to use multi-factor authentication or other strong authentication methods.
The results suggest that knowledge and education may not be enough to convince people – or their businesses – to adopt better password habits, says Katie Petrillo, a senior executive at LastPass, which is part of LogMeIn.
“We have found that the presence of risk does not inherently motivate people to adopt better security,” she says. “With the workplace changing and everyone spending more time online, individuals and businesses must prioritize their online security.”
As software companies, device makers, and some users have gotten better at security, attackers have, over the past decade, turned to capturing credentials and using them to gain access to remote and cloud services. In late 2019, for example, enterprise technology provider Citrix fell prey to a credential-based attack, allowing attackers to compromise the corporate network. In 2020, more than 190 billion attempts to use credentials fraudulently were detected by internet infrastructure company Akamai.
Still, passwords are convenient, and users’ choices tend to be a trade-off between what they see as usable security, wrote Vasu Jakkal, corporate vice president for security, compliance and identity at Microsoft, in a blog post last week, noting that 20% of people would rather accidentally “reply all” to an email than reset a password.
“They’re a prime target for attacks, but for years they’ve been the most important layer of security for everything in our digital life – from emails to bank accounts, shopping carts to video games,” she wrote. “We’re supposed to create complex and unique passwords, remember them and change them frequently, but nobody likes to do that either.”
The LastPass study confirmed that individuals and businesses still have password issues. The company surveyed 3,750 professionals from seven countries – the US, UK, Australia, Singapore, Germany, India and France – asking them basic questions about how they and the companies they worked for used passwords.
While more than two-thirds of people, 68%, create stronger passwords for financial accounts and about half for email accounts, only just over a third would create strong passwords for work-related accounts, according to the survey. Additionally, 45% of people haven’t changed their password in the past year, even after a breach. Some 83% of those surveyed would not know if their information had been leaked to the Dark Web.
The shift to remote working during the pandemic – and the momentum to continue working remotely – has had a major impact on businesses over the past 18 months. Seven in ten respondents worked remotely, at least part-time, during the pandemic and about the same number also spent more time online.
Additionally, most people have seen their online footprint increase during the coronavirus pandemic. Over 90% of those surveyed created at least one new online account this year, and half of those surveyed saw the number of accounts they used online increase by 50%.
“Businesses and individuals should treat all identifying information as vulnerable,” says Petrillo of LastPass. “You may think that your personal credentials like gym or birthday information are of no value to hackers, but if those credentials are similar to your banking information, a breach could also leave your financial information exposed.”
There was good news, however: more than three-quarters of respondents (76%) used multi-factor authentication for business or personal reasons, an increase of 10 points from the previous year.
Same theme, different study
Other companies have found similar results. In a survey released last week, authentication provider Cisco Duo Labs found that 72% of people regularly use two-factor authentication for security, limiting the damage caused by stolen credentials. Attackers regularly check passwords within hours and then use them in attacks, according to a study released by email security firm Agari in May.
Overall, the most common reasons people reuse their passwords are that they don’t want to forget their password (68%), they want to be in control of their passwords (52%), and they think their accounts aren’t valuable enough to be more secure (36%), according to the LastPass survey.