Lazy Password Practices Are All Too Common Says New Study

UK Internet users are reusing passwords and exercising poor password practices, which is putting their data at risk, according to a new study.


Photo: leungchopan / Shutterstock

In a survey conducted by TeleSign of more than 2,000 consumers, the mobile identity company discovered that 62 percent of consumers risked compromise of their online accounts and other similar credentials because of using the same password.

Password duplication over multiple accounts could leave consumers vulnerable to the ‘domino effect’, which refers to hackers stealing a single account password and then being able to access several other online accounts. The domino effect has been seen in the massive breach at US retailer Target where hackers stole passwords from one service and then used it to access several other account services.

“At TeleSign, we’ve seen the impact of the domino effect first hand. Following the recent hack of an online retailer’s customer database, our security team saw a massive increase in fraudulent activity with email providers.”

“This spike in activity was the direct result of hackers taking advantage of the passwords they had stolen from one service to access another,” said TeleSign CEO Steve Jillings.

Also, 22 percent of consumers said that they would forget a new password, 22 percent said that they realize it is important but it can be neglected, 20 percent said they can’t be bothered and 16 percent said they are asked to change the passwords quite often.

Apart from password ‘laziness’, the firm also discovered lack of overall awareness when it comes to online security, with younger age groups being the worst offender. About 25 percent of 18 to 24-year-olds believe they haven’t suffered a hack in the past so they are safe.

The overall findings have reignited the reminder that there is a need to find a better way to safeguard people’s data on the web.

Jillings added: “Passwords are an artefact from a bygone era, a significant percent of incidents can be prevented when providing stronger authentication methods” – a view shared elsewhere in the industry.”

“We believe leveraging a user’s mobile identity to confirm who they are – some combination of their phone number, their device, and their behaviour – is nearly impossible to hack compared to a password.”

It’s not surprising to see that top sites are enforcing specific password requirements, such as urging users to include numbers, symbols, upper case and lower case letters while setting up their passwords. However, this is intensifying the issue of using same passwords as users struggle to remember passwords for multiple accounts they have.

These sites need to make it convenient for users while adding multiple layers of security and authentication. People will not do anything that’s complicated. The entire process of user management and account access requires a lot more thought, work and imagination to come up with better solutions.

As for now, the best way for users to protect themselves from data breaches is to use two factor authentication, where an account also requires a code to be entered in addition to the password. This code is usually sent on the account owner’s phone.