Biggest Password Mistakes – Forbes Advisor

Passwords are part of our everyday lives, necessary to access everything from bank information to emails. While most Americans are constantly reminded to keep their passwords secure, a large number fail to do so. Only 24% use a password manager to keep their password secure, which is one of the best ways to manage difficult-to-hack passwords. Forbes Advisor conducted a survey to learn more about Americans’ password habits—and their biggest mistakes.

73% say they are familiar with password security best practices

It should go without saying that you want passwords to be secure and difficult for nefarious individuals to hack. One way to create a secure password is to make it at least 12 characters long, containing both uppercase and lowercase letters, numbers and special characters.

While formulas like this one seem to appear on every password creation prompt, 16% of respondents say they are neither familiar nor unfamiliar with password security best practices. This statistic is pronounced among older generations, with only 19% of those who are 59 to 77 years of age reporting that they know how to keep their passwords secure.

Although the majority of respondents are familiar with best practices, they still engage in risky password behavior with 54% using a main password to log in to multiple accounts. This common password mistake puts multiple accounts at risk; all a hacker needs to do is gain access to one password and they can access a wide variety of information.

Not only do people use the same password for multiple accounts, they are not changing this password on a regular basis. Experts suggest changing your passwords at a minimum of every three months to help prevent hackers from cycling through password options and gaining access to your system. And yet, 24% of respondents change their password less than once a year.

39% had their password compromised in the last five years

Getting your password compromised can leave you feeling violated. Hackers gain access to personal, private information and can impersonate your identity or steal money. And cleaning up the mess requires more than simply changing passwords. While social media accounts are the biggest target for hackers, banks and shopping accounts make up 20% of compromised accounts in the past five years.

Younger generations have their password compromised more often

While older generations tend to understand strong passwords less than younger generations, it is the younger generation that is most vulnerable to hackers. Of those who are aged 18 to 26, 49% have had their passwords compromised in the past five years. Higher still are those aged 27 to 42, with 52% experiencing compromised accounts in the past five years.

Experts hypothesize that these age groups are more likely to share passwords and use the same passwords for work and personal accounts. In fact, only 29% of 18 to 26 year olds use a unique password for high-risk accounts such as bank accounts, compared to nearly 40% of older generations.

On average, people have to remember more than six passwords

Part of the reason people don’t create unique passwords is that they have to remember passwords for so many different accounts. Without a password manager, this becomes difficult. When you consider work and personal accounts, the average person needs to remember six or more passwords. And when creating different passwords, people often use a derivative of an existing password, making it easier to guess different passwords.

Password managers can be a lifesaver when it comes to remembering different credentials across multiple accounts. However, only 24% of respondents use a password manager. In fact, nearly half of respondents write their passwords down to keep track of them—leaving their accounts vulnerable to anyone that finds their sticky notes or password book.

16% share their passwords with other people

It doesn’t matter how often experts advise us not to share our passwords—people still do it. There are sometimes good reasons for this, such as sharing a subscription or needing family to access accounts for emergency purposes. Because it is easy to forget passwords, with 21% saying they have forgotten passwords that are too complex, more and more people are using tools such as Face ID or other biometrics to log in to accounts. In fact, 17% of respondents rely on Face ID to get into high-risk accounts. This doesn’t eliminate the need for complex passwords as accounts still require passwords; Face ID simply reduces the need to remember them.

Only 24% use a password manager

Password managers are great tools that eliminate the need to remember complex passwords for different accounts, and respondents use them for a variety of reasons. Some use them so that they don’t have to remember different passwords, while others use them because they want to keep passwords more secure than they would be if written down on paper. A miniscule group of respondents, just 3%, use password managers because employers require them for security reasons.

Conclusion

In this day and age, you can’t get away without needing a password for something, if not multiple accounts. In order to prevent being hacked, using technology to help you create and manage strong, unique passwords can help prevent getting accounts compromised. Good password habits aren’t difficult but do require some discipline to maintain. Finding the best password manager for your needs is an excellent way to get started.

Our Methodology

To understand Americans’ password habits and how they keep their passwords safe, Forbes Advisor commissioned a survey of 1,000 Americans conducted by market research company OnePoll, in accordance with the Market Research Society’s code of conduct. The margin of error is +/- 3.1 points with 95% confidence. The OnePoll research team is a member of the MRS and has corporate membership with the American Association for Public Opinion Research (AAPOR).