What is wrong with passwords?

In this article, we explore current problems with using passwords and share tips for effective password management.

We use passwords for everything – accessing smartphones, laptops, accounts, social media, banking apps, etc. They’re also used to get into corporate systems, including those at membership clubs. The idea that our passwords could be stolen and used for fraud might seem far-fetched and unlikely. But the reality is quite different.

In this article, we’ll explore the problems with passwords and why it’s so important to follow essential rules for password management. We’re sure some of the facts might surprise you. So, let’s find out what’s wrong with passwords.

People still use very simple passwords

The 5 most popular passwords in Canada are “123456”, “admin”, “password”, “54321”, and “12345678”. In other countries, the situation is no better.

All of the 200 most common passwords can be cracked in less than a second. 

Source: Nordpass

People often use simple combinations that are easy to remember, like “qwerty” or “password.” However, hackers can crack these passwords instantly. This is especially dangerous if such passwords are used for work systems.

52% of users reuse the same password for multiple accounts

Moreover, according to a Google survey, 13% of users use the same password for all their accounts, including email.

More than half of people don’t like passwords

According to a study by the Ponemon Institute, 55% of users prefer alternative authentication methods over passwords. They find MFA inconvenient because they have to wait for a code and enter it quickly before it expires, and they find passwords easy to forget. People generally dislike using passwords and recognize that they offer inadequate security.

The password reset statistics are disturbing

Nearly half of internet users (44%) rarely change or reset their passwords, while only 34% update them regularly. An alarming 44 million Microsoft users were found to have reused passwords. This lax approach to password security has concerning implications.

Furthermore, 6% of US adults admit to still having access to accounts belonging to their former romantic partners, colleagues, or roommates.

People too often use personal information in passwords

A concerning 59% of users create passwords using their names or birthdays, which can be easily guessed. 

After learning about a data breach, just 45% of users said they would change their passwords

A notable case at Slack demonstrates how to handle the aftermath of such incidents. The company promptly sent out password reset emails to all users suspected of being affected by the security breach.

Many people instantly forget their passwords

According to a LastPass survey, 57% of users forget their passwords immediately after changing them.

Passwords are the target of most cyberattacks

70% of cyberattacks aim to take over accounts. Phishing attacks can bypass even multi-factor authentication, with a success rate of 62%.

Four out of five data breaches are linked to passwords in some way

According to a Verizon study on hacking-related breaches, 80% of them are caused by password issues. The most common methods of compromising accounts include lost or stolen credentials and brute force attacks.

It takes an average of 280 days to detect and contain a data breach

Instead of spending this extensive period dealing with the fallout of a breach, it would be more effective to use that time to build a robust security infrastructure.

How can you avoid problems with passwords and use passwords more securely?

  • Use a password manager.
  • Change your passwords regularly: every 1-2 months for very important accounts and every 6 months for less critical ones.
  • Don’t use the same password for different accounts.
  • Always use multi-factor authentication.
  • Create strong passwords, ideally at least 14 characters long, including numbers, upper- and lower-case letters, and symbols. 
  • Consider using passphrases that are easy to remember but hard to crack, such as 1wiL1@lway$foll0W_u.
  • Refrain from using personal information such as your name, nickname, pet’s name, birthday or anniversary, street name, or anything someone could find out from social media or a casual conversation with a stranger.
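The rules above can be enforced when a password is set. The following checker is an added example, not code from the article or from any product it mentions; the function names, the leetspeak map and the sample personal details are assumptions made for illustration.

```python
import re

# The five most popular passwords quoted in this article. A real deployment
# would load a much larger list of common and breached passwords.
COMMON = {"123456", "admin", "password", "54321", "12345678"}

# Constructed substitution map so that "P@ssw0rd" is compared as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Character classes the article asks for.
CLASSES = {
    "lower-case letter": r"[a-z]",
    "upper-case letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}

def normalize(text):
    """Lower-case the text and undo common character substitutions."""
    return text.lower().translate(LEET)

def check_password(password, personal_info=()):
    """Return the list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < 14:
        problems.append("shorter than 14 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    norm = normalize(password)
    # Compare both the raw and the de-substituted form against the list.
    if password.lower() in COMMON or norm in {normalize(c) for c in COMMON}:
        problems.append("on the common-password list")
    # Names, birthdays and similar details must not appear, even disguised.
    for item in personal_info:
        token = normalize(item)
        if len(token) >= 3 and token in norm:
            problems.append(f"contains personal information: {item}")
    return problems

if __name__ == "__main__":
    # Constructed sample: a hypothetical user named Alex, born in 1990.
    for candidate in ["password", "P@ssw0rd", "Al3x_Toronto_1990!x",
                      "1wiL1@lway$foll0W_u"]:
        print(candidate, "->", check_password(candidate, ["Alex", "1990"]) or "OK")
```

The third sample meets the length and character-class rules and is still rejected, because the name survives the substitution of "3" for "e".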

Find more useful password management tips in our FREE comprehensive eBook. Download it through the link.

Also, if possible, switch to passwordless authentication, which allows access to systems and accounts using biometric sensors or a hardware key via Bluetooth, NFC, or USB.

Passwordless verification includes:

  • Possession factor: a hardware key or device.
  • Presence factor: confirming that the user is present and alive.
  • Biometric factor or knowledge factor.

Conclusion

The digital world is constantly evolving. In the coming years, passwords are expected to be replaced by patterns and biometric data. Unique identifiers like eyes, fingerprints, and facial recognition will add an extra layer of security to each account, effectively solving the problems with passwords. But for now, while password usage is still very common, it’s important to choose strong passwords and always use multi-factor authentication. 

If you need comprehensive security for your club assets, our team can help. Contact Club Support to get all your IT needs taken care of.

Get in touch to find out how we can help you!
Denis Kateneff
Jul 16, 2024