Stories
Slash Boxes
Comments

SoylentNews is people

People Know Reusing Passwords is Dumb, But Still Do It

posted by martyb on Tuesday May 26 2020, @04:02AM   Printer-friendly
from the convenience-vs-security dept.

Arthur T Knackerbracket has found the following story:

Even seeing data breaches in the news, more than half of consumers are still reusing passwords.

More than half of people haven't changed their password in the last year – even after they've heard about a data breach in the news.

That’s according to a recent survey, “Psychology of Passwords: The Online Behavior That’s Putting You At Risk,” that examined the online security and password behaviors of 3,250 global respondents – and found that people still employ an alarming number of very common and very risky habits, even though they know better.

Researchers said that password reuse was the biggest security faux pas being committed by respondents. In fact, password reuse has actually gotten worse over the years: When asked how frequently they use the same password or a variation, 66 percent answered “always” or “mostly” – which is up 8 percent from the same survey in 2018.

Worse, 91 percent of respondents said they know using the same (or a variation of the same) password is a risk. They still do so anyways.

“Our survey shows that most people believe they are knowledgeable about the risks of poor password security; however, they are not using that knowledge to protect themselves from cyber threats,” said researchers with LastPass by LogMeIn, in a recent report.

[...] “People seem to be numb to the threats that weak passwords pose,” said researchers. “Technology like biometrics is making it easier for them to avoid text passwords all together and many people are simply comfortable using the ‘forgot password’ link whenever they get locked out of their accounts.”

Original Submission

 
This discussion has been archived. No new comments can be posted.
People Know Reusing Passwords is Dumb, But Still Do It | Log In/Create an Account | Top | 65 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by EJ on Tuesday May 26 2020, @02:16PM

    by EJ (2452) on Tuesday May 26 2020, @02:16PM (#999212)

    Recite three different sha256 hashes from memory.

    Most site leaks are gobbled up by bots and reused as-is. Unless you're being specifically targeted, it's not worth the effort to try to figure out your password algorithm as long as it is sufficiently complex.

    Many things that are trivial for a human to do are not at all easy for a computer to reproduce. A password such as "GreenIsTheFourthColorOfTheSpectrum" isn't something a typical script is going to decipher, but it's really easy to remember. Then, all you need to remember is that green is the color of a particular website. Maybe orange is the color you assign to your bank's site.

    Toss in a few things like number insertion and punctuation, and you're extra protected.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2