49% of workers, when forced to update their password, reuse the same one with just a minor change
A survey of 200 people conducted by security outfit HYPR has some alarming findings.
For instance, not only did 72% of users admit that they reused the same passwords in their personal life, but also 49% admitted that when forced to update their passwords in the workplace they reused the same one with a minor change.
Furthermore, many users were clearly relying upon their puny human memory to remember passwords (42% in the office, 35% in their personal lives) rather than something more reliable. This, no doubt, feeds users' tendency to choose weak, easy-to-crack passwords as well as reusing old passwords or making minor changes to existing ones.
What is so bad about changing "Password1" to "Password2"?
(Score: 1, Insightful) by Anonymous Coward on Friday December 13 2019, @07:19PM
The requirement for changing passwords is ALREADY about closing the barn door after the cows are out.
The ONLY attack case this fixes is the attacker that already has a credential. If the APT (advanced persistent threat) isn't in your attack profile, there is no reason for this requirement.