Bad Password Habits ‘Like Leaving The Front Door Open’ According To Research

Internet users across the globe are yet to master how to use passwords effectively to protect themselves online. Research from Kaspersky Lab has shown that people are putting their online safety at risk by making bad password decisions and simple password mistakes that may have far-reaching consequences.

The research unearthed three common password mistakes that are putting a large number of Internet users at risk:

  1. People use the same password for multiple accounts, meaning that if one password is leaked, several accounts can be hacked.
  2. People use weak passwords that are easy to crack.
  3. People store their passwords insecurely, defeating the point of having passwords at all.

Andrei Mochola, head of consumer business at Kaspersky Lab, comments: “Considering the amount of private and sensitive information that we store online today, people should be taking better care to protect themselves with effective password protection. This seems obvious, but many might not realise that they are falling into the trap of making simple password management mistakes. These mistakes, in turn, are effectively like leaving the front door open to emails, bank accounts, personal files and more.”

The research shows large numbers of people (almost one in five – 18 per cent) have faced an account hacking attempt but few have effective and cyber-savvy password security in place.

For example, only a third (30 per cent) of Internet users create new passwords for different online accounts and a worrying one-in-10 people use the same password for all their online accounts. Should one password be leaked, these people are therefore at risk of having every account hacked and exploited.

People are also not creating passwords that are strong enough to protect them from hacking and extortion. Only half (47%) use a combination of upper and lowercase letters in their passwords and only two-in-three (64%) use a mixture of letters and numbers. That’s despite the fact that users think their online banking (51%), email (39%) and online shopping accounts (37%) need strong passwords.

The study also shows that people are mistreating their passwords – by sharing them with others and using insecure methods to remember them. Almost a third (28%) has shared a password with a close family member, and one-in-ten (11%) has shared a password with friends. Over one-in-five (22%) also admitted to writing their passwords down in a notepad to help remember them.

Mochola continues, “With people having so many online accounts today, it’s not easy to remember a secure password for everything. Using a password management solution can help people remember and generate strong passwords to minimise the risk of account hacking online.”

Kaspersky Password Manager securely stores all passwords, addresses and credit card details, and synchronises them across all devices so that users only need to remember one master password.

David Emm, principal security researcher at Kaspersky Lab, provides some tips for creating strong memorable passwords that don’t use personal data:

Instead of trying to remember individual passwords, start with a fixed component and then apply a simple scrambling formula. Here’s an example: start with the name of the online resource, let’s say ‘mybank’. Then apply your formula, for example:

1. Capitalise the fourth character.
2. Move the second last character to the front.
3. Add a chosen number after the second character.
4. Add a chosen non-alphanumeric character to the end.

This would give you a password of ‘n1mybAk;’.

There is an alternative method too. Instead of using the name of the online resource as the fixed component, create your own passphrase and use the first letter of each word. So if your passphrase is ‘the quick brown fox jumps over the lazy dog’ the fixed component of each password starts out as ‘tqbfjotld’. Then apply your four-step rule.

By using either of these methods, consumers can ensure they have a unique password for each online account and therefore secure themselves against types of breaches that make use of previously gained information.

If you find even this too complicated, consider using a password manager – software that automatically creates complex passwords for you, keeps them secure and auto-enters them when you need to log in.
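The four-step formula and the passphrase-initials variant described above, written out as an added Python example (not code from Kaspersky Lab or the original article). The function names and the `insert_after` parameter are assumptions of this example: run literally, step 3 puts the number after the second character and gives 'nm1ybAk;', while `insert_after=1` reproduces the printed 'n1mybAk;'.

```python
def initials(passphrase: str) -> str:
    """Fixed component for the alternative method: first letter of each word."""
    return "".join(word[0] for word in passphrase.split())


def scramble(base: str, number: str = "1", symbol: str = ";",
             insert_after: int = 2) -> str:
    """Apply the article's four-step formula to a fixed component.

    number and symbol default to the values visible in the article's
    example result; insert_after is this example's own parameter.
    """
    if len(base) < 4:
        # Step 1 needs a fourth character; short names must be padded
        # or replaced by the user before the formula can be applied.
        raise ValueError("fixed component needs at least four characters")
    # Step 1: capitalise the fourth character.
    s = base[:3] + base[3].upper() + base[4:]
    # Step 2: move the second-last character to the front.
    s = s[-2] + s[:-2] + s[-1]
    # Step 3: add the chosen number after the given position.
    s = s[:insert_after] + number + s[insert_after:]
    # Step 4: append the chosen non-alphanumeric character.
    return s + symbol


def derive_all(names):
    """Derive one password per resource name and confirm none collide."""
    derived = {name: scramble(name) for name in names}
    if len(set(derived.values())) != len(derived):
        raise ValueError("formula produced a duplicate password")
    return derived


if __name__ == "__main__":
    print(scramble("mybank"))                  # step 3 taken literally
    print(scramble("mybank", insert_after=1))  # matches the printed result
    base = initials("the quick brown fox jumps over the lazy dog")
    print(base, "->", scramble(base))
    # Constructed sample resource names, for illustration only.
    print(derive_all(["mybank", "webmail", "shopsite"]))
```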

