Users might be more security conscious – but that won’t change them

Poor password hygiene remains unchanged despite an increased awareness of cyber threats, a new study claims.

Computer users are still deploying terrible habits when it comes to password security, by choosing simple phrases and repeating them over for multiple accounts.

This is despite a huge number of people knowing that doing so poses a security risk.

The findings come as the infosec community celebrates World Password Day.

Security firm LastPass commissioned the study, which found that 91% of people polled knew that reusing passwords is hazardous.

Even so, 59% admitted that they still repeat passwords across up to 20 online accounts.

Of this percentage, 61% said they did so because they were worried of forgetting their login details, while 50% said it also made them feel more in control.

The study polled an unknown number of people across the UK, US, Germany, Australia, and France.

These habits didn’t just apply for personal accounts but work logins, too.

A shocking 62% of people choose the same details for both work and personal use, and only 19% said they create stronger passwords for their work accounts.

Overall, the study noted, security-conscious thoughts are not translated to real-life practices – a worrying and widespread trend.

Managing vulnerabilities 

Just this week, Microsoft announced it is actively working on abolishing passwords within its programs.

In a blog post, the company said it is developing replacements to passwords by using authentication apps and other biometric technologies.

Eradicating passwords is a hot topic within the infosec industry and is a belief echoed by many within the community.

Allen Story, Chief Product Officer at cybersecurity company Intercede, criticized World Password Day and called for alternatives to be explored.

He said: “If anything, World Password Day highlights that we’re still not taking security seriously enough. More robust, readily available alternatives are still being overlooked.

“The right security methods are out there and incorporate two of three distinct elements – possession (something you have, such as a smart card or smartphone), knowledge (something you know, such as a PIN) and inherence (something you are, such as a fingerprint or face ID).

“These multiple levels of authentication make it much more difficult for cybercriminals to compromise – all it takes is a willingness from companies to implement.

“With this in mind, it’s time we stopped scratching our heads trying to recall a ‘memorable place’ or our ‘first pet’s name.’ Like passwords, World Password Day should be consigned to the depths of history.”