The TOP-15 password insights to change your attitude towards them
A study by the University of North Georgia reveals that a new cyberattack occurs every 44 seconds, which corresponds to roughly 2000 cyberattacks per day. Although not all of them are entirely caused by passwords, developing a more sophisticated means of authentication would lower these concerning numbers for sure.
To highlight issues concerning poor password management and the consequences it results in, we’ve summarized some insightful password statistics and facts based on fresh studies.
- A TOP TEN MILLION COMMON PASSWORDS LIST AVAILABLE ON GITHUB REVEALS THAT »12345», »PASSWORD», »12345678», AND »QWERTY» ARE THE FRONT RUNNERS.
The world of passwords we live in has made users insensible to the security measures provided by the password. They take a shortcut and use the simplest strings that are easy to remember – but what concerns enterprises, they’re easy to crack as well.
- 59% OF USERS CREATE PASSWORDS WITH THEIR NAMES OR BIRTHDAYS.
The goal is to create a password that someone else won’t know or be able to easily guess. Stay away from common words like «password,» phrases like «mypassword» and predictable character sequences like «qwerty» or «thequickbrownfox.»
Also avoid using your name, nickname, the name of your pet, your birthday or anniversary, your street name, or anything associated with you that someone could find out from social media, or from a heartfelt talk with a stranger on an airplane or at the bar.
- 43% OF USERS SHARED AT LEAST ONE PASSWORD WITH A COLLEAGUE, FRIEND, OR FAMILY MEMBER.
Password sharing leads to both security and business side issues.
Netflix is a good example of a streaming platform that lost revenue due to unofficial shared accounts as well as customer support costs caused by incoming password reset tickets in case of a compromised account. Moreover, users with bad intentions of having access to someone else’s account could easily compromise access to other services — often requiring the same credentials that are already in possession of the fraudster.
- UPON FINDING OUT ABOUT A DATA BREACH, ONLY 45% OF USERS STATED THAT THEY WOULD CHANGE THEIR PASSWORD.
An incident at Slack is a good example of how the post-incident period should be handled. The company sent out a password reset email to all users who were suspected to be affected during the security incident. Although the approach is more reactive than proactive, it was certainly a good decision to take the matter into the company’s hands and block access to the service with credentials that are known to be compromised.
- IT SPECIALISTS REUSE PASSWORDS MORE OFTEN THAN AVERAGE USERS.
50% of IT professionals state that they reuse passwords across multiple accounts, both business and personal. Also, despite their security knowledge, the same percentage of average users and IT professionals admit to sharing passwords.
- ONLY 32% OF USERS CAN CORRECTLY DEFINE THE TERMS »PASSWORD MANAGER», »PHISHING», AND »2FA».
A survey by Google shows a lack of understanding in terms of online security. The users are not provided with enough resources to protect their accounts by implementing standard security measures. With the rapid development and regulation concerning MFA, businesses must ensure that the average user is familiar with the additional security measures and benefits of 2FA.
- 4 OUT OF 5 BREACHES ARE SOMEHOW LINKED TO PASSWORDS.
A study by Verizon, concerning breaches involving hacking, states that passwords cause 80% of breaches. The most common methods for compromising accounts are lost or stolen credentials and brute force attacks.
- 55% OF USERS WOULD APPRECIATE AN ALTERNATIVE AUTHENTICATION METHOD TO REPLACE PASSWORDS.
A study by Ponemon Institute discovers that more than half of the respondents want passwords out of the picture. The research also states what motivates users to switch to alternative authentication methods. They recognize that passwords provide insufficient security levels, they’re frustrated with frequent password resets, and they don’t enjoy the overall user experience the password provides.
- 65% OF USERS DON’T TRUST WEBSITES AND SYSTEMS THAT RELY ON PASSWORDS.
The average user is aware of today’s cybersecurity threats landscape. Along with enabling user smooth user experience, companies also need to gain the user’s trust in terms of implemented security measures.
- 52% OF USERS REUSE THE SAME PASSWORD FOR MULTIPLE ACCOUNTS.
Google online security survey states that 13% of users use the same password for all accounts, including their email.
- 59% OF FINANCIAL SERVICE COMPANIES HAVE MORE THAN 500 PASSWORDS WITHOUT EXPIRATION DATES.
Companies dealing with sensitive data such as personal and financial information need to enforce secure password management policies. Implementing password-based authentication without requiring mandatory password renewals opens doors for brute force attacks based on exposed user credentials. Protecting your account with the same string of characters can soon prove to be a mistake.
- IT TAKES 280 DAYS FOR IDENTIFYING AND CONTAINING A DATA BREACH.
That is 280 days of detecting and mitigating security implications, contrary to devoting the same amount of time to building a rock-solid security infrastructure. As mentioned, 80% of data breaches are caused by passwords. By eliminating passwords through the implementation of sophisticated means of authentication, you’re investing in bulletproof security and reducing data breach-related costs.
- SURVEY BY LASTPASS: 57% OF USERS TEND TO FORGET THE PASSWORD IMMEDIATELY AFTER RESETTING IT.
Password manager apps come in handy in such cases. But what if a hacker gains access to the password manager? Moreover, what if the password manager requires another password to protect the ones that are stored on the app? We’d end up in an endless loop of passwords and password managers.
- 64% OF USERS AVOID VISITING SERVICES AND WEB PAGES FOR WHICH THEY FORGOT THEIR PASSWORDS.
According to LastPass, users tend to make a U-turn in case they’re aware that they cannot access an account on their first attempt.
- 65% OF SURVEY PARTICIPANTS BELIEVE THAT IMPLEMENTING BIOMETRICS AS A FORM OF AUTHENTICATION WOULD INCREASE THE COMPANY’S OVERALL SECURITY.
The same study by Ponemon Institute also reveals that 55% of users have the same beliefs regarding passwordless authentication.
Showcased numbers point out how passwords make a weak security infrastructure and can not be relied upon. It is no longer a matter of whether an account will be compromised; the question is when the account will be compromised.