More Than Half of Users Reuse Passwords

Published: 22/11/2024   Category: security




Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.



Most security experts agree that passwords are a poor security mechanism. What's even worse: We're really bad at passwords. That's the conclusion of a study that looked at 28.8 million users and their 61.5 million passwords in 107 services over 8 years.
The password study by researchers at Virginia Tech found that slightly more than half of all users reused passwords, or used slight modifications of passwords across a range of accounts. Password reuse, considered a major no-no by security experts, is considered a major factor in easy-to-hack user authentication schemes.
The news actually gets worse from that bad beginning. The passwords in use were so weak that more than 16 million password pairs (30% of the modified passwords and all the reused passwords) can be cracked within just 10 guesses. And there's worse to come: accounts dealing with sensitive data, from financial records to email, were more likely to receive repeated and reused passwords than less critical sites.
Researchers at Dashlane took anonymized data from the set used by the Virginia Tech team and looked for trends and patterns in the bad passwords. They found evidence of trends, patterns, brands and romance in the password store, all of which make passwords easier for criminals to predict and crack.
Perhaps unsurprisingly, the names of popular sports teams (which rise and fall according to their on-field results) and consumer brands find their way into passwords. The researchers were a bit more surprised by the pervasiveness of keyboard walking in forming passwords.
Don't let your fingers walk
Keyboard walking occurs when a user lets their fingers walk across a row of keys on the keyboard. asdfg, qwerty, and 12345 are all examples of keyboard walking. In each case, the resulting string is an easily guessed password.
Users slightly less lazy (or slightly more security savvy) move to variations on keyboard walking, including 1q2w3e4r and 1qaz@wsx. The notable thing about most of these walking passwords is that they can be typed with the fingers of the left hand only — and typed without ever moving the hand or shifting the fingers. That tendency limits the combinations and makes the passwords subject to relatively easy brute force cracking.
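A defender-side check for the pattern described above, as an added example that is not from the original article or the cited studies: it flags candidate passwords made of keyboard walks and reports whether they fall entirely on the left-hand keys. It assumes a US QWERTY layout and approximates key adjacency on a simple row/column grid; the function names and the `min_run` threshold are illustrative choices.

```python
# Added example: keyboard-walk heuristic for a password policy check.
# Assumptions: US QWERTY layout; neighbouring keys approximated on a grid.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
SHIFTED = "!@#$%^&*()" "QWERTYUIOP" "ASDFGHJKL:" "ZXCVBNM<>?"

# Map shifted characters back to their physical key ('@' -> '2', 'Q' -> 'q').
UNSHIFT = str.maketrans(SHIFTED, "".join(ROWS))
# Physical position of every key: character -> (row, column).
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def walk_runs(password):
    """Lengths of maximal runs where each key touches (or repeats) the previous one."""
    runs, prev = [], None
    for ch in password.translate(UNSHIFT):
        cur = POS.get(ch)  # None for characters outside the four main rows
        adjacent = (
            cur is not None and prev is not None
            and max(abs(cur[0] - prev[0]), abs(cur[1] - prev[1])) <= 1
        )
        if adjacent:
            runs[-1] += 1
        else:
            runs.append(1)
        prev = cur
    return runs


def is_keyboard_walk(password, min_run=3):
    """True when the whole password is built from walks of at least min_run keys."""
    runs = walk_runs(password)
    return bool(runs) and min(runs) >= min_run


def left_hand_only(password):
    """True when every key sits in the five left-most columns (12345/qwert/asdfg/zxcvb)."""
    keys = [POS.get(ch) for ch in password.translate(UNSHIFT)]
    return bool(keys) and all(k is not None and k[1] <= 4 for k in keys)


if __name__ == "__main__":
    # The article's examples plus one constructed non-walk password for contrast.
    for pw in ["asdfg", "qwerty", "12345", "1q2w3e4r", "1qaz@wsx", "Tr0ub4dor&3"]:
        print(f"{pw:12} walk={is_keyboard_walk(pw)!s:5} "
              f"left_hand={left_hand_only(pw)!s:5} runs={walk_runs(pw)}")
```

This is a heuristic: some dictionary words happen to sit on neighbouring keys, so use it alongside a breached-password blocklist, not in place of one.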
According to a study by Visa, one of the reasons we're so bad at passwords is that we hate them. A lot. According to the Visa study, only about 1/3 of users follow the recommended practice of having a unique password for each online account. Almost two-thirds say that they have multiple passwords but share some passwords among accounts, while only about 7% admit to having a single password for every account they use.
The consequences of complex passwords
In a keynote session at last week's CNP Conference, Jamie Uppenberg, director of digital products at Discover Global Network, said that the goal for online authentication and transactions, including those with passwords, is simple: You want the purchase to be as forgettable as possible, as delightful as possible. Authentication is key and not many people are doing it well.
Remembering and typing unique strong passwords makes for a high-friction transaction, and in the context of purchases, high friction is not forgettable.
At the same conference, Scott Adams, a CNP fraud and risk expert, said that an unintended consequence of requiring passwords that go beyond the easily remembered (and cracked) may be more fraud. Provide the payment methods/features your customers want. If you don't, fraudsters will.
Adding to the tools fraudsters are able to employ are the huge stores of compromised login credentials stolen and shared among criminals in the last few years.
The Next Domino To Fall: Empirical Analysis of User Passwords across Online Services, by Chun Wang, Steve T.K. Jan, Hang Hu, Douglas Bossart, and Gang Wang of Virginia Tech, contains this surprising pair of facts: More than 70% of the users with reused passwords are still reusing the leaked passwords 1 year after the initial leakage. 40% of users are still reusing the same passwords leaked 3 years ago.
Beyond bad passwords
Moving beyond passwords for user authentication remains a technological and economic challenge, though users say that they're ready for the shift. According to the Visa study, roughly 3/4 of consumers say that they're interested in using fingerprints for authentication, with roughly half of consumers identifying a move past passwords as the chief benefit of biometric identification technology.
Until biometric authentication becomes more widespread, best practice suggestions for consumers are still important. In the conclusion to its report, Dashlane provides a list that contains no surprises for anyone in the security industry:
Use a unique password for every online account
Generate passwords that exceed the minimum of 8 characters
Create passwords with a mix of case-sensitive letters, numbers, and special symbols
Avoid using passwords that contain common phrases, slang, places, or names
Use a password manager to help generate, store, and manage your passwords
Never use an unsecured Wi-Fi connection 