In the Age of the Data Breach, Why Do We Still Use Bad Passwords?

Today, the average internet user has approximately 130 online accounts registered to their email address, and that number is expected to reach more than 200 in the next two years. This excess of accounts helps consumers digitally manage all kinds of everyday tasks, from transferring money between bank accounts, to online shopping, to booking a ride home on a night out.

With so many accounts to manage, most people have experienced the frustration of being unable to access an online account due to a lost password. Everyone knows the drill: Click the “forgot password” button, wait for the reset email to come through, stumble through your security questions and eventually choose new login information—and hope you remember it.

As consumers become increasingly dependent on online accounts for all aspects of their lives, they are facing a dilemma when choosing passwords. A recent survey of internet users on their password habits found that people most often take one of two approaches to password management. Some people opt for simple, memorable passwords for convenience and ease of use, but by doing so, they put their data at risk. Others lock up their data behind strong passwords that are different for every account, but often have difficulty remembering their login information.

However, in the age of the data breach, weak passwords should no longer be an option—and consumers must shift their focus towards how to make strong passwords work for them.

The Problem with Weak Passwords

Many people opt for insecure passwords to avoid the frustration of having to remember long, complicated logins. Recent research found that 59 percent of people mostly or always use the same password for their accounts, which is often an easily guessable combination. Despite massive data breaches from Equifax, Verizon, Uber and other corporations making headlines, the two most commonly used passwords last year were “123456” and “password.” While using repetitive passwords may allow consumers to live their online lives seamlessly, it creates a significant security risk that is just not acceptable in today’s digital age—a risk that has been well-documented and warned against by experts, time and time again.

With nearly half of people experiencing at least one cybersecurity issue in the last five years, using a single password across all accounts poses a substantial threat to security and privacy. It is especially risky to use weak passwords on accounts that are of particular interest to cybercriminals, such as email, online shopping and banking accounts. With more than 1,500 data breaches occurring in the United States just last year, the strategy of using weak, easily guessable passwords is no longer a viable option.

The Challenges of Strong Passwords

Alternatively, many consumers understand the need for secure passwords and take steps to use strong, unique login information, especially on accounts that deal with sensitive data. However, it can be difficult to remember more than a few strong passwords, which means that consumers are more likely to forget their information and be locked out of accounts when trying to make a security-conscious decision. If people are unable to carry on their normal activities due to difficulties logging in to online accounts, this stress and frustration may lead them to revert to their old bad password habits. In fact, nearly half of millennials reported in a recent survey that they often find it stressful to manage the number of passwords they have.

To ensure that consumers stay on the path towards stronger security, password management software can be a great tool for eliminating password headaches. Password management software provides a secure vault for consumers to store all of their online account information, so that they can use a variety of strong passwords without having to memorize dozens of complicated strings. However, for today’s consumers, simply strengthening their passwords should not be the end of the security road.

Beyond Passwords: Two-Factor Authentication, Biometrics and More

As cybercriminals continue to use increasingly sophisticated phishing and social engineering techniques to gain access to online accounts, password technology may no longer be enough to protect our most critical personal assets. Non-SMS two-factor authentication is one way to reinforce traditional password technology. Even if cybercriminals are able to gain access to an account through a breach or hack, two-factor authentication will alert a user to unauthorized access to one of their accounts. Leading tech companies including Google, Apple and Twitter are now heavily encouraging users to secure their accounts with two-factor authentication, and other organizations should consider doing the same.

Additionally, some companies are exploring options for using tools such as biometrics as a security measure, rather than just simple passwords. Biometric authentication methods can include fingerprints, facial recognition, voice identification, retina scans and more. Because these characteristics are unique to an individual and cannot be stolen or replicated, they offer an advanced level of security. However, as recent research has shown, biometric authentication is still not foolproof and will require more research before it is perfected for widespread use.

As experts continue to explore new ways of securing devices and online accounts, consumers need to ensure that they are not falling behind the times with regard to password security. In the age of the data breach, insecure passwords are no longer an option. Pairing strong passwords with non-SMS two-factor authentication and other emerging security methods is the best way for all consumers to stay ahead of cybercriminals—and ensure that personal data remains safe and secure.

Security Boulevard
Brian Anderson

As vice president of consumer sales, Kaspersky Lab North America, Brian Anderson is responsible for leading the company’s digital transformation strategy, which includes setting sales strategies to maximize business-to-consumer business opportunities within the region. Brian brings nearly 25 years of technology, marketing and management experience to Kaspersky Lab. Prior to joining the company in 2017, he served as vice president of digital strategy and innovation at Avid Technology. He has also held leadership roles at Progress Software, Philips Electronics and ISOBAR, a global digital agency. Brian holds an MBA from Babson College and a Bachelor’s degree in Business Administration from Northeastern University.
