As social life continues to move into the online sphere, it becomes increasingly important to monitor and protect our online data. The average consumer has more than 27 online accounts, and that number approaches 100 for millennials, with only a handful of passwords shared across all of them.
Given that passwords are the first line of defense for personally identifiable information (PII), they should ideally be hard to guess and randomized for every online account. Unfortunately, brains are not computers with perfect recall, so remembering complicated passwords for the 27-plus accounts across online banking, email, and social media networks might be almost impossible.
According to a recent Google online security survey, a staggering 52% of users reported using the same password for multiple or all accounts. That number correlates to the frustration 75% of respondents reported experiencing in keeping track of passwords. Also, according to the study, 61% reported using the same password for fear of forgetting their passwords, and 50% felt the need to be more in control of their passwords.
In order to facilitate password recall, users have adopted habits that put their PII at risk. These include reusing the same passwords across multiple accounts, writing passwords down on a piece of paper, and using common passwords that are easy to hack. According to the Google survey, 24% of Americans use a variation of widely used passwords such as:
In addition, when creating a password, people are incorporating information about themselves that can be easy to guess.
- 59% of adults have used a name or birthday
- 33% entered a pet’s name
- 22% entered their own name
- 15% entered a spouse or partner’s name
- 14% entered their child(ren)’s name.
Password overload is a real problem for individuals and for organizations that hold consumer data. The main risk is that one stolen or compromised password can give an attacker the means to access several other accounts. This situation allows hackers to focus their energy on hacking poorly managed websites in order to get information that eases their attempts at breaching more valuable accounts.
To help protect accounts and personal information, it is important to implement practices and tools that mitigate the risks associated with password overload.
With the right habits and tools, you can help minimize these risks and strengthen your passwords as the first line of defense for your data. Some recommendations worth considering:
- Update your passwords regularly, especially after any notification of a data breach at a company with which you have an account.
- Never reuse passwords. Ever.
- Try using passphrases instead of passwords. They can be easier to remember and the higher number of spaces and quotations can make them harder to guess.
- Protect critical accounts with multi-factor authentication. This is an added layer of protection that requires an object that you possess (phone, fingerprint, face recognition, etc.) to verify your identity. While a hacker may find a way to steal your password, it is much more difficult for them to replicate or obtain your physical property.
- To facilitate this process, try using a password manager that also creates randomized passwords for you.
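The risky habits described above (reuse across accounts, widely used passwords, and passwords built from personal details) can be checked locally against your own list of accounts. The script below is an added example, not part of the original article; the account names, passwords, personal terms and the short common-password set are all constructed sample values, and the set is an illustrative stand-in for a real blocklist, not the survey's list.

```python
from collections import defaultdict

# Constructed sample data: not taken from the survey or from any real account.
COMMON = {"123456", "password", "qwerty", "111111"}  # stand-in for a real blocklist
PERSONAL = ["rex", "maria", "1987"]  # hypothetical pet name, partner name, birth year
ACCOUNTS = {
    "bank": "Rex1987!",
    "email": "Rex1987!",
    "social": "password",
    "shop": "correct horse battery staple",
}


def audit(accounts, common=COMMON, personal=PERSONAL):
    """Return {account: [findings]} covering reuse, common passwords, personal info."""
    # Group account names by password so reuse shows up as a group larger than one.
    users_of = defaultdict(list)
    for name, password in accounts.items():
        users_of[password].append(name)

    findings = {}
    for name, password in accounts.items():
        issues = []
        others = sorted(a for a in users_of[password] if a != name)
        if others:
            issues.append("reused on: " + ", ".join(others))
        if password.lower() in common:
            issues.append("widely used password")
        # Case-insensitive substring match against the owner's personal terms.
        if any(term.lower() in password.lower() for term in personal):
            issues.append("contains personal info")
        findings[name] = issues
    return findings


if __name__ == "__main__":
    # Print findings per account; the passwords themselves are never printed.
    for account, issues in audit(ACCOUNTS).items():
        print(account, "->", "; ".join(issues) or "ok")
```

Run it only on a machine you trust, and delete any plaintext export once the flagged passwords have been replaced.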