Poor Password Practices Persist Among Online Users


One of the most important aspects of online security is choosing and managing passwords that are hard to guess and crack. However, many users struggle to adhere to the recommended guidelines for creating and updating passwords, as they have to deal with a large number of accounts across different platforms and services. Additionally, many users lack the necessary awareness and knowledge about the risks and consequences of weak or compromised passwords, and the benefits of using tools such as password managers or two-factor authentication.

According to recent studies, three out of four online users in the United States and Europe are putting themselves at risk of being hacked due to poor password practices.

The study by Keeper Security, based on a survey of 8,000 people in the United States, United Kingdom, France, and Germany, found that 75% of the respondents admitted they don’t adhere to password best practices, while nearly two-thirds (64%) acknowledged they’re using weak passwords or repeat variations of passwords to protect their online accounts.

When questioned about their cybersecurity behaviours, 25% of respondents identified as either an ostrich, burying their heads in the sand, or a bull in a china shop.

Whilst this may be astonishing to vendors who have been extolling the virtues of cybersecurity, 35% of people globally admit to being overwhelmed by the prospect of improving their cybersecurity, with 10% admitting they don’t consider password security at all.

Diverse Application Access and Ignorance Lead to Poor Password Hygiene

According to information security professionals, many reasons contribute to the low rate of compliance with principles of good password hygiene. Report after report has shown that less than half of the general public follows every rule for password safety properly.

The simple answer lies in the number of disparate applications being used by organisations in the modern world. Whereas users once had only four or five applications to contend with, they now have to manage accounts for social media, work, conferencing, learning, and others. Ever since the pandemic hit, the number of accounts people have has exploded.

Another reason is ignorance, with many individuals unaware of the importance of strong passwords and the risks of weak ones. Even though there is a vast amount of information on the importance of strong passwords and enabling MFA (multi-factor authentication), the average user doesn’t understand why these measures matter.

Password Overload

Inconvenience is another factor influencing password management behaviour. “People have, in many cases, nearly 100 different passwords they’re trying to keep track of. There’s just no way an individual can remember all of them,” reported Robert Hughes, chief information security officer at RSA. “But generally,” he continued, “it’s difficult for users to keep track of their passwords when they’re expected to have a different password for every application they use. Without using a password manager I’d say that I can’t believe that anyone really has unique, strong passwords everywhere.”

Password Practices Need Work

Surveys also found that more than a third of the respondents (36%) believed all their passwords were well-managed. But of those who thought their passwords were well-managed, only one in three followed best practice advice to use strong and unique passwords for all their accounts. Those who fall short may not have access to tools or feedback on the risks of password reuse. Some users may also overestimate their password management abilities, believing that reusing passwords or making slight variations is secure enough.

While most believe strong passwords are the single best way to achieve personal cybersecurity, the majority fail to implement industry-recommended password protection practices in their daily lives. Despite good advice, three in four people do not adhere to password best practices.

C4 Secure is an authorised RSA Gold Partner, established in Northamptonshire. We have extensive knowledge in advising clients on best practice surrounding data security, and provide solutions from RSA, Cyber Essentials accreditation and GDPR compliance. We can be contacted on 01604 439303, or at c4secure.co.uk.