Posts: 7,271 +65
Why it matters: Do you, like many people, reuse passwords across multiple websites and services? It should go without saying that such action isn’t a good idea; it's a great way to fall victim to hackers. But a new survey shows that 70% of adults still use the same password for more than one thing.
In a survey of 1,041 US residents aged 18 or older, PCMag found that 25% of them admit to sometimes reusing the same password. A similar number (24%) said they do this most of the time, while 21% admitted to doing it all of the time.
As readers of this site will know, reusing passwords is something hackers love, especially as many websites and services use email addresses as usernames. Should these login credentials appear in mass data leaks, someone could simply try them across multiple locations to see if they get lucky. The 167 million LinkedIn accounts that went up for sale on the dark web in 2016 are suspected to have enabled hacks on high-profile accounts such as Mark Zuckerberg and Katy Perry, and it led to Microsoft banning stupid passwords.
The survey also asked how people store their passwords. The most popular method is to memorize them. That’s obviously very secure, but you do run the risk of forgetting them completely. Surprisingly, the second-most-popular method, preferred by 36% of people, is to write them down physically—not very safe—and 24% said they write them down in a phone or other electronic device, which is still risky.
The recommended method of using a password manager is preferred by 33% of participants. Password managers aren’t infallible, as we’ve seen in the past, but they’re certainly the safest option. They also create very strong passwords and make them easy to change, which is good as over a quarter of people said they never change theirs.
Interestingly, 54% of people said they had been a victim of cybercrime, with credit card fraud (27%), malware (18%), ID theft (17%), and phishing attacks (16%) the most common crimes. And just 53% said they use anti-virus software—though PCMag notes some might be using it without realizing.
Microsoft, a long-time campaigner for people to ditch passwords in favor of more secure alternatives, recently announced that users can now choose to remove the password from their Microsoft account and sign in using one of several other methods, including Windows Hello, the Microsoft Authenticator mobile app, a security key or via a verification code sent to an email or phone.
Check out all the survey results at PCMag.