
We never learn. The largest ever study of password usage shows just how inept most of us are at keeping safe online.
and his colleagues at Virginia Tech found that more than half of us reuse or only slightly modify our passwords for different accounts. On shopping sites, more than 85 per cent of people reuse passwords, which if hacked can lay bare credit card information. For email, nearly two-thirds of people reuse passwords, putting at risk huge amounts of personal information.
Reusing passwords is so damaging because when one password is cracked, other accounts on different platforms and websites can then be accessed more easily by hackers.
Advertisement
For the study, the team scoured 61.5 million passwords used by 28.8 million people over eight years, all collected after data breaches and subsequent leaks. The passwords were collected from 107 different services including Gmail, Myspace and LinkedIn. The work will be presented at a data security conference in Arizona later this month.
“Passwords are a hassle,” says of the Oxford Internet Institute. “I’ve probably typed fifteen today.”
Some people slightly modify passwords for each of their different accounts, but that isn’t an effective strategy. An algorithm created by the Wang and his colleagues managed to guess 30 per cent of modified passwords within 10 attempts. “Human beings aren’t very inventive,” says Wang.
Massive leaks of passwords have become commonplace, yet having your password published publicly doesn’t seem to stop reuse. A year after credentials were leaked, more than 70 per cent of users were still using them.
So how can you stay safe online? Password managers are your best bet. But failing that, making sure to have unique passwords for your most sensitive accounts even if you’re a bit more relaxed with others can help too. “I reuse some passwords,” admits Wang. “But I make sure the password I use on a low-risk account, like a random forum, is never reused on my critical accounts.”