49% of workers, when forced to update their password, reuse the same one with just a minor change:
A survey of 200 people conducted by security outfit HYPR has some alarming findings.
For instance, not only did 72% of users admit that they reused the same passwords in their personal life, but also 49% admitted that when forced to update their passwords in the workplace they reused the same one with a minor change.
Furthermore, many users were clearly relying upon their puny human memory to remember passwords (42% in the office, 35% in their personal lives) rather than something more reliable. This, no doubt, feeds users' tendency to choose weak, easy-to-crack passwords as well as reusing old passwords or making minor changes to existing ones.
What is so bad about changing "Password1" to "Password2"?
(Score: 2) by toddestan on Friday December 13 2019, @11:44PM
If the password is strong and secure, then there really is no reason to have to change it.
If the password has been compromised somehow - the malicious actor trying to get in might be able to guess/figure out your small change and still gain access. The whole point of these password change policies is to defend against scenarios where the password has been compromised somehow but that fact is not yet known. A small, easy to guess change completely defeats the purpose of that policy.