123456. Qwerty. Password.
Sound familiar? These are among the top 5 most used passwords, according to a Cybernews analysis of more than 15 billion logins.
Having an easy to guess code matters because incidents of cybercrime, hacking and data theft are on the up, and also because so much of our daily life is now conducted online.
Complex passwords
Reusing codes
“After receiving cybersecurity education, only 31% of users stopped reusing passwords, while only 25% started using a password manager,” the report says.
And a feeling of security was often deemed to be enough, with 89% of respondents acknowledging the risk of using the same password or a slight variation. Just 12% said they use a different password for each different account.
The same password, or a variation, was used “mostly” or “always” by 62% of those surveyed.
There was some variation in attitudes and behaviour among age groups, however all showed scope to improve their approach, the research showed.
Sense of security
Gen Z – people born between 1997 and 2010 – had a strong sense that their password management is “very safe” and were more likely than other age groups to recognize the risk of using the same password across multiple sites.
Even so, they were also the generation most likely to memorize their passwords – perhaps a sign that the combinations or complexity used in the password could be improved.
The opposite was true for “Baby Boomers” – those born between 1946 and 1964. They may have displayed less confidence in their own password methodology, but actually came out in the survey as the “most likely to create unique passwords” as well as the least likely to repeat a password or use a variation.
Attitudes differed depending on the type of site that data was being shared with.
Financial websites like banking and email accounts were seen as the top sites to create strong and complicated passwords for, while just 8% of respondents would create a hard-to-crack code for a travel or airline account.
Building cyber resilience, globally, is a core plank of the World Economic Forum and takes place via the Centre for Cybersecurity. The most recent Global Cyber Security Outlook report showed that while business leaders are taking the issue more seriously and meeting more frequently about it, “more needs to be done to promote understanding between business and security teams to support effective action by organizational leaders”.
The LastPass report also alighted upon a lack of action, even when the consequences are well understood. The authors of that report attributed the need for improved cybersecurity methodology to a lack of awareness of how grave the consequences can be, as well as a lack of proactive interest in cybersecurity training.
“Online users still need to level up cybersecurity by taking action versus a passive stance to protect their digital lives,” the report said. “No generation is immune to password mishaps, confidence is creating a false sense of security and awareness doesn’t translate to action.”
Next time you reach for 1234 or that hackneyed old password, you might want to think again.
This article was originally published in the World Economic Forum.
Also read: New enforcement will reduce calling rate by 50pc: WhatsApp over international scam calls