The rapid move of everything online in response to the global pandemic has put passwords front and center again. With the latest Marriott breach, it feels like Groundhog Day when it comes to passwords, with both organizations and users failing to take the necessary measures to step up their password hygiene.
Passwords remain a weak link and are the source of many cybersecurity vulnerabilities. From companies failing to implement technology that detects and prevents the use of compromised credentials to users relying on one core password for every single account, we seem oblivious to the risks.
Here are some staggering statistics that show the magnitude of the password reuse problem.
- A Google survey found that at least 65% of people reuse passwords across multiple, if not all, sites.
- Another recent survey found that 91% of respondents claim to understand the risks of reusing passwords across multiple accounts, but 59% admitted to doing it anyway.
- Microsoft recently announced that a staggering 44 million accounts were vulnerable to account takeover due to compromised or stolen passwords.
- The average person reuses each password as many as 14 times.
- 72% of individuals reuse passwords in their personal life, while nearly half (49%) of employees simply change or add a digit or character to their password when updating their company password every 90 days. These forced resets are an ineffective tactic.
- And it is not just personal accounts. 73% of users duplicate their passwords in both their personal and work accounts.
- Security.org found that 76% of millennials recycle their passwords.
- This is why compromised passwords are responsible for 81% of hacking-related breaches, according to the Verizon Data Breach Investigations Report.
Most people know better than to reuse passwords, but struggle to recall unique passwords for all of their personal and work accounts. Cybercriminals rely on this lax behavior and prey upon the vulnerabilities caused by password reuse. It’s unrealistic for companies to rely solely on people changing their behavior, but it’s also untenable for them to continue to allow the use of exposed credentials. Implementing an automated way of continuously ensuring password security is the only path forward.
Banishing a hacker’s ability to use stolen passwords will shore up cybersecurity. Find out more about how Enzoic can automate the removal of compromised credentials, and put an end to these scary statistics.