Does this sound familiar to you? You have the same primary password that you use for a majority of your logins, and you switch it up with a few numbers and symbols for more case-sensitive websites. According to a new study, most of us have the same password habits, and they are bad habits that we need to kick.
“People have been told to make longer and more complicated passwords by adding a symbol, adding an emoji … it just gets worse and worse,” HYPR CEO George Avetisov told Digital Trends.
HYPR, a cybersecurity provider, released a new study on Tuesday on the current state of passwords and how people manage them. The two-and-a-half-year study surveyed over 500 respondents from the United States and Canada about how they manage their passwords.
The research covers a variety of password data, such as the finding that over 40% of people rely only on their memory to remember their passwords. However, 78% of the study’s respondents had to reset their password in the last 90 days because they forgot it.
A staggering 72% of individuals reuse passwords in their personal life, which experts say is bad “password hygiene.”
“We should strive for 100% of people not to reuse passwords, and what you see here are some pretty high stats as being reused,” Avetisov said.
He said that on the bright side, people are more cautious about their passwords for their work. The study shows that when prompted to make a new password at work, 51% of people use a completely new password, compared to 28% for personal use.
“My advice is to never use any personal passwords for work,” Avetisov said. “If you separate your personal and your work passwords, you’ve already done your company and yourself a huge benefit.”
So how can we clean up our act? Avetisov said that the responsibility shouldn’t fall on us, but should instead fall on the companies and online services that require passwords. He said a simple solution to our password habits would be for companies to implement password-less multifactor authentication.
Using things like your phone (Touch ID) or your biometric data (facial recognition) would be more secure than a password, according to Avetisov. It could prove to be more reliable than a password, but facial recognition software is still thought to be controversial by many.
“Folks who are against facial recognition have a reason to be and have a right in doing so, but there are different flavors of it,” he said.
Avetisov said the biometric data on an iPhone never leaves that device, so companies using that technology to their advantage when asking users to log in would be beneficial and more secure for all.
Of course, for now, a majority of the sites we use require a manual password for us to log in. For that, Avetisov said to use a password manager to help you remember all of your different passwords.