Yet another report has found that many people are still refusing to adopt better password behavior. The latest evidence comes courtesy of LogMeIn, which released its third Psychology of Passwords report earlier this week.
LogMeIn is best known as the developer of the LastPass password manager. The company’s report found that a full two-thirds (66 percent) of consumers reuse the same password on most or all of their accounts, even though the overwhelming majority (91 percent) know that doing so exposes them to greater risk in the case of a security breach.
What’s surprising (and perhaps concerning) is that this behavior has actually gotten worse while overall security consciousness has improved. The 66 percent figure is up eight percent from 2018, and 48 percent of the respondents never change their password unless forced to, despite the fact that most (80 percent) were worried about their password being compromised.
“During a time where much of the world is working from home and spending more time online, the cyber threats facing consumers are at an all time high,” said LogMeIn SVP and Identity and Access Management GM John Bennett. “Individuals seem to be numb to the threats that weak passwords pose and continue to exhibit behaviors that put their information at risk.”
Of the people who reused passwords, most (60 percent) did so because they were afraid they would forget their login credentials for different accounts. Others cited a desire to be in full control of all their passwords.
On the other hand, the report did find more support for multi-factor authentication, with just over half (54 percent) of the respondents indicating that they used MFA for their personal accounts (37 percent used it at work). People are also becoming more comfortable with biometrics. Sixty-five percent of the respondents now believe that face and fingerprint recognition are both more secure than traditional passwords.
The Psychology of Passwords report surveyed 3,250 respondents in the US, Australia, Singapore, Germany, Brazil, and the UK. The data was gathered in the first half of March.
The LastPass findings echo those of Yubico and Thales, which have both highlighted bad password habits in the past few months. LastPass itself recently updated its LastPass identity solution to enable passwordless logins for enterprise-level customers.
May 7, 2020 – by Eric Weiss