Released on the eve of National Cyber Security Awareness Month, a new survey from LastPass, makers of the world’s most popular password manager, explores the intersection of consumer psychology, behaviour and attitudes when it comes to personal passwords.
Despite high-profile, large-scale data breaches dominating the news cycle – and repeated recommendations from experts to use strong passwords – the study’s findings reveal that consumers have yet to adjust their own behaviour when it comes to password reuse.
The survey, which polled consumers across the United States, Germany, France, New Zealand, Australia and the United Kingdom, highlights the psychology around why consumers develop poor password habits despite understanding the obvious risk, and suggests that there is a level of cognitive dissonance around our online habits.
Password Paradox: You know it’s bad but you do it anyway
- 95% of respondents recognise the characteristics of a strong password but 47% use their initials or the names of friends or family, 42% use significant dates and numbers and 26% use pet names. This information is easily obtainable through social media sites or from a casual acquaintance
- 91% know there is a risk when reusing passwords but 61% continue to do so
- Only 29% of consumers change their passwords for security reasons – the #1 reason people change passwords is that they forgot them (46%)
- 69% of respondents prioritised their financial accounts over retail (43%), social media (31%) and entertainment (20%) – If passwords are being reused across accounts, cybercriminals who hack a lower-prioritised account can easily gain access to something that is more critical, like a savings or credit card account
- More than a third (39%) of respondents said they create more secure passwords for personal accounts over work accounts
Your personality will determine why – but not how – you get hacked
Based on extensive personality questioning, the 2000 global respondents were placed into two categories.
- Personality type doesn’t seem to impact our online behaviour, but it does drive our rationalisations of poor password habits:
TYPE A
Type A bad password behaviour stems from their need to be in control. Even though they reuse passwords, they don’t believe they are personally at risk because of their own organised system and proactive efforts.
- 35% reuse passwords so they can remember them
- 49% have a personal system for remembering passwords
- 2/3 are proactive to help keep personal info secure
- 86% believe a strong password makes them feel like they’re protecting their family
TYPE B
Type B personalities rationalise their bad behaviour by convincing themselves that their accounts are of little value to hackers. This enables them to maintain their casual, laid-back attitude toward password security.
- 45% think they’re not worth a hacker’s time
- 43% choose an easy to remember password over a secure one
- 50% limit online activity due to fear of a breach
- 86% feel other things apart from a weak password could compromise online security
“Developing poor password habits is a universal problem affecting users of any age, gender or personality type,” says Joe Siegrist, VP and GM of LastPass. “Most users admit to understanding the risks but continue to repeat the behaviour despite knowing they’re leaving sensitive information vulnerable to potential hackers. In order to establish more effective defences, we need to better understand why individuals act a certain way online and a system that makes it easier for the average user to better manage their password behaviour.”