Breaking the Cycle of Password Reuse

Large scale data leaks and breaches are making headlines nearly every week, keeping the threat of a cyber attack front and center in our minds. In this environment, password reuse can be a serious chink in your security armor. Although taking a little shortcut with one of your passwords might seem harmless, the dangers of password reuse are greater than you might think. Here's a look at why password reuse is so commonplace, what's behind this risky behavior, and how a password manager can help you break the cycle of password reuse.

Password reuse is risky, but people are doing it even more now

Even though they know it's dangerous, people still prefer to re-use the passwords they already have. According to the Psychology of Passwords 2020 Report, 42% of respondents say that having a password that's easy to remember is more important than having one that's secure. Although 91% of people say they know reusing the same password or a variation of it is a risk, 66% of them always or mostly use the same password or a variation of it. In fact, this figure represents an 8% increase over LastPass' findings from 2018.  Reusing the same password makes it much more likely that your account will be compromised at some point. Eighty percent of respondents say they are concerned about this, but 48% of them still state that they will not change their password unless it is required. That's a 40% bump from 2018, indicating that people are digging in their heels and refusing to change their password habits even though they know it can't end well.

Password reuse is a surprisingly human behavior

What are the reasons behind this cognitive dissonance? As it turns out, basic human emotions like anxiety and fatigue play a strong role in password reuse.  When asked why they reuse passwords, 60% of respondents said they are afraid of forgetting their login information. Fifty-two percent of them said they want to be control and remember all their passwords. People want to feel like they are in control of their accounts, and they are clearly anxious about being locked out if they forget their passwords. Considering how much of our work and personal lives have moved online during the pandemic, this anxiety is understandable. People also have to keep track of more passwords than ever before, which is where the fatigue factor comes in. Although 71% of respondents said they think they have between one and 20 online accounts, the average LastPass user has approximately 38 online accounts — about double what people tend to assume they have. Remembering passwords isn't so easy, either, which is why 25% of respondents reset their passwords once or month a more. 

How password reuse puts multiple accounts at risk

Forty-two percent of respondents think their accounts aren't valuable enough to be a hacker's time. A simple search at haveibeenpwned.com tells a different story, however. Most email accounts have turned up in at least one breach if not several of them at this point. If that wasn't bad enough, cyber attackers can break into an account - particularly one with a weak password - with little effort using the automated tools they have now.  The dangers of password reuse compound as you accumulate more accounts. Using the same password for multiple accounts — for example, your banking, social media, personal, and work accounts — puts them all at risk of near-simultaneous compromise if a bad actor manages to get their hands on that one password. When cyber attackers buy stolen credentials on the dark web, it's easy for them check and see if any of the passwords they've recently acquired match accounts that have appeared in recent data breaches and take it from there. Once attackers get a hold of your password, they won't have much trouble accessing your accounts and you may not even know it when they do. Once they're in, they may kick the tires and try to see if there's anything of value in your work or personal accounts. Although multi-factor authentication (MFA) can help by giving you a heads up notification when someone attempts to log in as you, it's essential to break the cycle of password reuse so bad actors won't have such an easy time getting into your accounts in the first place.

How a password manager can help

A password manager can help you break the bad habit of reusing passwords for good. It gives you control over your passwords with a secure, encrypted password vault that you can access from any device wherever you go. Once you've stored all of your passwords in the vault, the password manager automatically fills them in for you when you need to log in. That way, you never have to worry about forgetting any of your passwords or losing access to any of your accounts.  It's also important to use a strong, unique password on each of your accounts. A password manager trains you to do this by automatically alerting you when you've used the same password across multiple accounts or when one of your passwords needs to be beefed up so you can take action. Its password generator feature makes it easy to generate a new, secure password for your account, and you don't even have to remember that new password once it's been updated in the vault.  A dark web monitoring feature in a password manager keeps a lookout for your accounts, notifying you when one of them has appeared in a data breach so you can immediately update the password. That way, you can slam the door shut on cyber attackers before they have a chance to come knocking. By enabling multi-factor authentication on all of your accounts that offer it, you can add an even stronger layer of protection that will give you crucial peace of mind.

Break the cycle of password reuse once and for all

If you're reusing the same password on multiple accounts, you're not alone. It's a common practice, and people do it for very human reasons. Most often, people reuse passwords because they want to feel like they have control over their accounts, and they're worried about getting locked out. It's also hard to remember so many unique passwords now that the average person has at least 38 accounts.  This dangerous behavior puts your accounts at greater risk than you might think. A password manager can help ease password anxiety and fatigue, giving you control over your accounts while alleviating the burden of managing them. This tool can also make it much easier to set strong, unique passwords so attackers have a much harder time compromising your accounts. That way, you can break the cycle of password reuse once and for all and enjoy more tranquility in your digital life. Learn how LastPass helps you easily and quickly solve poor password habits like password reuse.