Shopping online allows us to browse and buy from anywhere in the world and the choice really is endless. We see something we like, we enter our personal and confidential information, such as date of birth and credit card details, to complete the order process and when we create our online account, so our profile is saved for when we come back again, we protect it all behind a password. A password that we reuse everywhere and could be very easy to guess – like a favourite sports team!
With World Password Day later this week, a celebration to promote better password habits, we thought it was the perfect time to launch our 3rd Psychology of Passwords Report. This research examines online security behaviours of 3,250 people from around the world to see if and how they are putting themselves at risk, if they recognize the risk they’re putting themselves in and what more they could be doing better to keep themselves safe.
People know what’s right, but do the opposite
The biggest trend we saw in the report was this cognitive dissonance: People know what they should be doing, but they don’t actually do it. For example, globally 91% say they know using the same or a variation of the same password is a security risk. However, when it comes to creating passwords, 66% of respondents always or mostly use the same password – this is up 8% from our findings in 2018.
In Singapore, 79% use the same or a variation of the same password across their online accounts and 32% use sentimental information in the passwords they use. Not even a breach reported in the news is enough to make 38% of people change their password, meaning that any other website where the compromised data was used is now a target. (There are more interesting insights on Singapore in the below infographic)
Password reuse like this is especially risky with the uptick in malware and hacking incidents we’ve been seeing due to Covid-19. So, the question becomes, why? Why are people doing the opposite of what they know is right?
People don’t think they are a target
One reason: 41% of the global respondents think their accounts aren’t valuable enough to be worth a hacker’s time. But they’re wrong! Your personal data can be very valuable! Even if some data, like your credit card number, only gets them between $5-$110 each, that’s still worth a lot when they are stealing huge amounts of data. When your favourite brands get breached, those hackers can make a lot of money selling your information on the dark web.
The full report includes:
- Why people are reusing passwords
- What percentage of people can guess their significant others’ passwords
- Types of accounts people are actually protecting properly
- Comparison of behaviours in different countries
- And more