Recent independent research[1] commissioned by Ping Identity®, the Identity Security Company™, has revealed the disconnect between perception and reality when it comes to password and identity safety online. Despite the fact the last two years alone saw about 10 million online records in the UK affected by security breaches[2], nearly three-quarters of respondents (72%) believe they’ve never had the security of their online accounts compromised.
Free eBook: Modern Retail Security Risk – Get your copy now.
Those surveyed also over-estimate the difficulty of their passwords. Nearly 80% believed that their passwords were difficult for others to guess. This is especially alarming as the top three passwords of 2014 were surveyed to be “123456”, “password” and “12345”[3].
In response to companies enforcing stricter guidelines on password creation, more than half of respondents (63%) found it difficult to remember all their online passwords. The top techniques respondents used to remember their passwords include:
1. Writing them down in a notebook
2. Entering passwords as a contact in their mobile phone
3. Using an online password manager
4. Keeping passwords listed in an Excel spreadsheet
5. Writing passwords on a sticky note taped to the computer monitor or keyboard
An alarming number of respondents admitted to following risky password habits. A third (31%) have shared their passwords to personal online accounts with other people. Half (49%) noted that they use the same password across multiple websites, putting multiple online access points at risk if one is ever breached.
“By now organisations should be aware that passwords are passé when it comes to effectively protecting their customers’ data and identities.” said Jason Goode, Managing Director – EMEA, at Ping Identity.
“These findings show that consumers are their own worst enemy online and organisations needs to be more vigilant in protecting their customers not only from hackers, but also from themselves. Organisations are essentially relying on an archaic practice to keep data safe. By deploying systems that centre on a consumer’s identity, organisations can ensure that their employees and customers don’t fall victim to risky password habits and human error.”
About Ping Identity | The Identity Security Company
Ping Identity is the pioneer and largest independent provider of next generation identity security solutions, with more than 1,200 customers worldwide, including half of the Fortune 100. Ping Identity is transforming the way hundreds of millions of people live and work every day by making their apps more convenient and secure to access from any device, anywhere. Visit pingidentity.com for more information.
[1] Research undertaken by YouGov. 2,235 consumers were surveyed in January 2015
[2] Breach Level Index, http://www.breachlevelindex.com/index.html?utm_source=bli-pr-20141112&utm_medium=press-release&utm_campaign=breach-level-index#sthash.7p1HZEe5.nWiDjY0H.dpbs
[3] Splash Data, ‘”123456″ Maintains the Top Spot on SplashData’s Annual “Worst Passwords” List’: http://splashdata.com/press/worst-passwords-of-2014.htm
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.