One of the most basic elements of human nature is allowing cyber criminals to prey on personal and business digital information, it has been revealed, with many people unwilling to change passwords even if they are hacked.
Password manager LastPass investigated the password habits of 2,000 people from across Australia, France, Germany, the UK and US.
It found that almost half (47 per cent) of people are using the same passwords for home and work accounts, despite the obvious risk that if one is breached then others could also be easily accessed.
Meanwhile, 59 per cent of people use the same password for multiple accounts, and only change it when impacted by a security scare or when their employer’s IT team demands it.
The scariest finding, particularly from a business point of view, is that only 55 per cent of people said they would update their passwords if they had been hacked.
While most people expressed concern or even fear of being targeted by cyber criminals, their biggest fear was simply forgetting their passwords. This goes a long way to explaining why they adopt habits that make passwords easier to remember, regardless of the security risks.
“The cyber threats facing consumers and businesses are becoming more targeted and successful, yet there remains a clear disconnect in users’ password beliefs and their willingness to take action,” said Sandor Palfy, CTO of identity and access management at LastPass’ parent company, LogMeIn.
“Individuals seem to understand password best practices, but often exhibit password behaviours that can expose their information to threat actors. Taking a few simple steps to improve how you manage passwords can lead to increased safety for online accounts whether personal or professional.”
The findings support other research on digital passwords, such as the finding that 96 per cent of passwords fail the most basic security test.
A former hacker arrested by the American FBI before becoming a global cyber security consultant previously told My Business that another common mistake is not resetting the default passwords on new equipment, with printers being a prime example.