The Contradictory World of Password Behavior

Do as I say, not as I do. If password hygiene had a motto, that’s what it would likely be. At least according to the Psychology of Passwords research that launched last month. We all know the cyber security landscape has been marred by breach after breach in the last few years, and this research confirmed that people aren’t taking the breaches seriously, meaning password behavior isn’t getting any better. Interestingly enough, we found that people KNOW what they should be doing to protect their online accounts, but they’re not taking the necessary action to follow through. We are a hacker’s dream.

These contradictions – the fact that people know the right thing to do, but they’re just not doing it – are fascinating. Think about flossing. We all know we’re supposed to floss, but do we? No. In fact, only a third of people do floss every day. It’s not like flossing is hard. So if people aren’t even flossing, there’s no way they are going to keep up with all the demands of cyber security by themselves. They need help.

First, let’s look at some of the contradictions that the Psychology of Passwords research found: 

Password reuse is a known no-no 

91% recognize that using the same or similar passwords for multiple logins is a security risk. Yet, 58% mostly or always use the same password or a variation of the same password.

Breaches aren’t scary enough 

69% are fearful when they hear news of password hacking. Yet, only 55% would change their password if their account was hacked.

People underestimate their online presence  

Nearly half of respondents (47%) cite having between 1-10 online accounts. Yet, our Password Exposé showed that the average employee (using LastPass) has to keep track of 191 passwords — revealing that people often underestimate the number of accounts they truly have. 

Despite the clear risks, the majority of people aren’t taking their online security seriously. What they may not realize is, it’s not hard to keep your passwords and online life safe and easily accessible. With a password manager, you’re given a tool that saves sites as you log into them, making them easy to access the next time you visit. Plus, you can create new, strong passwords with one click without taking up your time.  

Read the rest of these contradictions in the Psychology of Passwords eBook, along with our take on why people do what they do, and how a tool like a password manager can help users act on the good password habits they know they should be adopting.  

One Comment

  • Troik says:

    Yes, we need help :D
    I have 300+ Accounts that Lastpass is storing for me, and my guesstimate would be that about 50% maybe are using unique passwords. The rest is either sites that no longer exist or are using same/similar passwords. I know you have the password challenge, but the idea of having to change 100+ passwords is just too big of a mountain, so I never do it, telling myself I will do so eventually “when I have time”.

    Maybe you could give me a reminder every day to change one or two passwords at a time, (or delete the account) so we could slowly chip away at this mountain?