42% Of Americans Use the Same Password for Multiple Accounts

A recent survey of 2,000 Americans, conducted by OnePoll on behalf of AT&T, has provided insights into the level of cybersecurity knowledge of Americans and the cybersecurity risks many people take when using the Internet.

According to the survey, 70% of respondents said they felt they were knowledgeable about cybersecurity and understood how hackers gain access to sensitive information on devices, but in many cases that knowledge did not translate into practicing good cyber hygiene. Fewer than 40% of respondents said they consider common cybersecurity risks, and fewer than one-third of respondents keep network intrusion and rogue mobile apps in mind.

When it comes to password security, many Americans take significant risks that could make them victims of identity theft and fraud. 42% of respondents said they reuse the same password on multiple websites, even though this places them at risk of falling victim to a credential stuffing attack. 34% said they were proactive about password security, with most people being reactive and only changing their passwords when notified about a login from another device or after another security warning. Most alarmingly, an astonishing 31% of respondents said they use their birthday as their password.

54% of respondents said they were aware of the difference between active and passive cybersecurity threats: active threats involve user action, while passive threats result in devices being accessed without any user interaction. 69% of respondents believed they could identify a suspicious website, but only 45% said they knew that those websites could put them at risk of identity theft, and only 39% were aware that suspicious websites could potentially infect their devices with malware.

The survey revealed that suspicious websites and accounts are frequently encountered. On average, every person happens upon a suspicious website or social media account 6.5 times a day. While most respondents were aware that websites that contain lots of popups and sites whose addresses did not start with HTTPS were risky, they still often visited them. 38% said they visited these sites to stream major sporting events, 37% said they access these sites to download music or video games, and 36% said they visit the sites for online shopping if they offer good discounts.

Threats are frequently encountered. 48% of respondents said they had received an email from someone they don’t know asking them to click a link, 47% said they had received a notification via email or text message informing them they had won a sweepstake or competition that they had not entered, 45% had received a telephone call from someone claiming to be from a government agency, and 36% said they would likely respond to a message if it appeared to be official.

Simple steps can be taken that greatly improve security. Josh Goodell, vice president of Broadband Technology Management at AT&T, suggested that one of the easiest ways to improve security and mitigate cybersecurity risks is using a VPN, as this will encrypt data and prevent hackers from tracking online activity. Signing up with an internet service provider that blocks malicious websites was also recommended.

A password manager will greatly improve security. A password manager will generate a complex, unique password for each online account. If all passwords are unique, credential stuffing attacks cannot be conducted, and if complex passwords are set, consumers will be well protected from brute force password guessing attempts.

Password managers encrypt passwords and store them securely and will autofill them when needed, so passwords never have to be typed or remembered. Only one complex password needs to be set and remembered – the password for the password manager. That password should be a unique, easy-to-remember phrase.

Password managers are low-cost solutions. Some password managers, Bitwarden for example, even have a free tier, but even the full Bitwarden product costs just $10 per user, per year.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news