The results are in for our exclusive password manager survey in partnership with OnePulse, and we’ve uncovered a few surprises.
As we all accumulate an ever-increasing number of digital accounts, password security is more important than ever. With the advent of password generators and multifactor authentication, attempts are being made to make our online world both safer and more convenient.
However, it seems that, for whatever reasons, many people still aren’t fully onboard and remain tethered to the old ways of password management.
In a hardly surprising answer, over 60% stated that they reuse passwords across multiple accounts. Most did so because they couldn’t be bothered to remember multiple ones (40%), and others didn’t feel as if they were in danger of being hacked (27%). Only 33% said that they didn’t reuse passwords.
Despite the ease of using password generators in today’s online world, a staggering 65% still opted to create their own. Perhaps they are not aware of them, or don’t trust them; or maybe they are worried that if they can’t access their saved passwords, then they would be locked out of their accounts, since they are too complex to memorize.
Whatever the reasons, it was the most clear cut result in our survey. Perhaps we shouldn’t be too surprised given that most people don’t use password managers either.
Of those that did use a generator, most used the one integrated with their browser (15%), whilst others used an online generator (13%) and only a small minority used one from another source (6%).
People’s diligence seemed to vary when it came to crossovers between work and personal passwords: 34% said that they don’t share multiple passwords between the two, and 30% said they sometimes did. Around 20% each said that they often or always did.
One of the foremost experts on good password practice is Bill Burr, who wrote an influential manual on the topic published by the US National Institute of Standards and Technology (NIST) in 2003. It extolled the virtues of creating passwords that are as random as possible and changed regularly. Many websites subsequently required passwords based on his criteria.
The problem is that in practice, as people gathered more and more accounts, they naturally resorted to more simplistic passwords. They would tweak them only slightly: perhaps if you put the number 1 at the end of your password for one login, you’d likely choose 2 for another, and so on.
Bill Burr came to regret his initial advice. Experts now recommend that when making your own password, using a random but memorable string of three words is better. According to analysis, such passwords are much harder to crack than those using a single word with a mix of numbers and special characters, as well as being easier to remember.