15
Psychology of Passwords Expanded Digital Lives and Password (Mis)behaviors

Psychology of Passwords

  • Upload
    others

  • View
    3

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Psychology of Passwords

Psychologyof Passwords

Expanded Digital Lives and Password (Mis)behaviors

Page 2: Psychology of Passwords

LastPass.com 2

Password security in 2021: outsmarting human vulnerabilities.

The COVID-19 pandemic disrupted the workplaces of millions worldwide. Physical offices shuttered. Many people transitioned to working from home. With nowhere to go, they spent more time online.

Individuals and businesses are more at risk than ever. Hackers are taking advantage and exploiting human vulnerabilities more than ever. The types of attacks have shifted given the large number of people working remotely and spending more time online.

According to the 2021 Data Breach Investigations Report (DBIR), Cybercriminals are increasingly targeting individuals and their devices.

36%85%36% of breaches last year involved phishing – 11% more than before.

Most data breaches – a staggering 85% – involved a human element (phishing, stolen credentials, and human error).

71%

70%

Worked wholly or partly remotely.

Spent more time online for personal entertainment and work.

During the pandemic:

https://www.lastpass.com/
Page 3: Psychology of Passwords

LastPass.com 3

Survey OverviewOur Psychology of Passwords report explores the password security behaviors of 3,750 professionals across seven countries. We asked respondents about their feelings and behaviors regarding online security.

Countries surveyed:

• United States

• United Kingdom

• Germany

• France

• Australia

• Singapore

• India

https://www.lastpass.com/
Page 4: Psychology of Passwords

Agree that compromised passwords are concerning...

79%

Know that using the same password or a variation is a risk...

92%

...Rely on their memory to keep track of passwords.

51%

...Always or mostly still use the same password or variation.

65%

Lots of awareness, not enough action.

What people say. What people do.

45% DID NOT CHANGE THEIR PASSWORDS

45% of survey respondents did not change their passwords in the past year even

after a breach had occurred.

Page 5: Psychology of Passwords

People practice selective password security but would create stronger passwords for:

Financial Accounts

68%

Only 8% said that a strong password should not have ties to personal information.

This means most users are creating passwords that leverage personal information that has ties to possible public data, like a birthday or home address.

8%

49%

Email Accounts

32%

Work-Related Accounts

31%

Medical Records

PRO TIPLeverage nonsensical phrases peppered with

numbers and symbols as opposed to individual words to make your passwords longer, stronger, and easier to remember while also making them

more difficult for hackers to crack.

Page 6: Psychology of Passwords

LastPass.com 6

PRO TIPTreat all credentials as vulnerable. You might not think your local gym credentials are worth anything to

hackers, but if those credentials are identical or close to your bank account

login, a breach at your gym could mean sensitive financial information is

exposed too.

Blind spots and bright spots.

Cognitive dissonance prevails. People pick and choose what information they think is worth protecting. As a result, they knowingly engage in risky password behaviors, even when spending an unprecedented amount of time online for work and entertainment during a pandemic.

76% claim to use MFA for both work and personal reasons, a 10% increase from last year.

83% would not know whether their information was on the dark web.

https://www.lastpass.com/
Page 7: Psychology of Passwords

Digital life expansion.More accounts than ever before.

91% of respondents have created at least one new account this year.

90% of respondents indicate they have up to 50 online/app accounts.

LastPass.com 7

Respondents have 50% more accounts in 2021 than in 2020.50%

https://www.lastpass.com/
Page 8: Psychology of Passwords

53% shared vacation photos online.

20% shared photos of their pets with their names then used their names in passwords, up 5% from 2020.

As we grow our digital presence, we need more robust protection for our personal information.

Our digital lives expanded greatly during the COVID-19 pandemic. The disconnection in our daily lives motivated us to connect more online than ever. The result: more accounts created, and more personal information shared online.

The amount of personal information online is increasing:

PRO TIPKeep your updates to social media private or be sparing with your public posts. Malicious actors

scrape public profiles and can use seemingly harmless information to hack accounts outside of

your social media.

27% shared photos of their house/neighborhood, up 7% from 2020.

LastPass.com 8

https://www.lastpass.com/
Page 9: Psychology of Passwords

LastPass.com 9

Remote work: employee and employer perspectives.

Employee remote work habits:

Employer remote work habits:

47%Did not change their online security habits since working remotely.

Shared sensitive information and passwords for professional accounts while working remotely.

44%

46%Did not strengthen their passwords while working remotely.

39%Made sure employees logged on the company network via secure networks while working remotely.

Made employees update their passwords more regularly.35%

35% Enhanced authentication methods.

https://www.lastpass.com/
Page 10: Psychology of Passwords

IT admins must pay attention. The presence of risk does not inherently motivate people to adopt better security. Almost half of employees engage in risky password behavior while working remotely.

IT admins must rethink their security strategies just as their employees reshape and reassess the way they work.

PRO TIPInvest in a password management solution to improve password hygiene and security. Implement SSO and MFA to secure all points of access. Launch security trainings to educate and evangelize.

LastPass.com 10

https://www.lastpass.com/
Page 11: Psychology of Passwords

Regional snapshot:United Kingdom

61% know that a strong and unique password does not have ties to personal information.

They were also the least likely to share personal information online (41%).

SingaporeSingapore is the most concerned when it comes to compromised passwords (93%).

They also lead the way when it comes to knowing what to do if they have been hacked (74%).

United StatesAmericans were more likely to use credit monitoring services if their account was compromised (31%).

However, 39% felt they didn’t need to change their online security habits when working remotely because they were already strong.

Australia

71% of Australians always/mostly use the same password variation.

However, Australians spent less time online overall during the pandemic (61%).

IndiaIndia is significantly more likely to use a password manager or browser to store passwords than other countries (64%).

Indian respondents led the way when it came to changing their online security habits while working remotely (81%).Germany

Germany leads the way when it comes to dark web knowledge (79%).

Only 14% would know if their personal information was on the dark web.

France

Only 15% of French respondents worked remotely during COVID.

Only 43% changed their online security habits if working remotely.

LastPass.com 11

https://www.lastpass.com/
Page 12: Psychology of Passwords

Connecting the dots.Why do people engage in bad password behaviors (when they clearly know better)?

68% Who reuse their passwords are afraid of forgetting them.

52% Who reuse want to be in control of all their passwords.

36% Do not consider their accounts valuable enough for hackers.

Page 13: Psychology of Passwords

Why is password reuse so dangerous, especially as our digital lives expand?

PEOPLE ENGAGE IN BAD PASSWORD BEHAVIORWith ever-expanding digital lives

and lack of cybersecurity support, a combination of habits, emotions and

lack of urgency keep people from changing their online behaviors.

LastPass.com 13

One stolen username and password combination gives a hacker access to many accounts.

When a cybercriminal gets access to a device used for personal and work, they can quickly gain access to a corporate network to steal data or money.

https://www.lastpass.com/
Page 14: Psychology of Passwords

Combatting password (mis)behaviors.The COVID-19 pandemic brought unprecedented change in the way we work and interact. We spend more time online. We share more digitally. If we know why people are behaving the way they do, how can we fix this behavior?

What does good password behavior look like?

• Make every password unique.

• Use nonsensical combinations of characters.

• Turn on two-factor authentication.

• Update passwords when notified of a breach.

Combat your fear.Use a password manager to manage and secure your passwords. Let a password manager do the work of creating, remembering and filling in your passwords.

Combat your anxiety.Add a layer of security with multi-factor authentication (MFA) to ensure you’re the only one accessing your information.

Combat your apathy.Monitor your data and make sure you know when your information has been compromised with dark web monitoring.

Page 15: Psychology of Passwords

©2021 LogMeIn, Inc. All rights reserved. | 08.24.2021/LMI2139

LastPass is trusted by over 30 million users and 85,000 businesses to store and fill passwords, credit cards and

other personal information. Use LastPass to generate strong passwords and fill them automatically when you

visit sites and apps – across all your devices.

Learn More

https://lastpass.com

Psychology of Passwords: Combatting Cognitive Dissonance ......© 2019, LogMeIn, Inc. 12 1. Create unique, strong passwords for every account –Meaning 20 characters or more, randomly

Psychology of Passwords: Combatting Cognitive Dissonance ......© 2019, LogMeIn, Inc. 12 1. Create unique, strong passwords for every account –Meaning 20 characters or more, randomly

Documents
Different Ways of hacking passwords

Different Ways of hacking passwords

Documents
Graphical Passwords

Graphical Passwords

Technology
The End of Passwords

The End of Passwords

Technology
PSYCHOLOGY OF PASSWORDS: THE ONLINE BEHAVIOR THAT’S ... · Psychology of Passwords: The Online Behavior That’s Putting You at Risk 9 Respondents recognized that email and financial

PSYCHOLOGY OF PASSWORDS: THE ONLINE BEHAVIOR THAT’S ... · Psychology of Passwords: The Online Behavior That’s Putting You at Risk 9 Respondents recognized that email and financial

Documents
Adobe Security Survey · Passwords • Fewer than one fourth of people use distinct passwords for each of their accounts • Many people store their passwords where others canfind

Adobe Security Survey · Passwords • Fewer than one fourth of people use distinct passwords for each of their accounts • Many people store their passwords where others canfind

Documents
STRONG PASSWORDS

STRONG PASSWORDS

Documents
Security Awareness Passwords - Illinois.gov · 3 Passwords Password Cracking Find weak passwords Verify the use of good passwords Characters (complex) Estimated time to crack 7 15

Security Awareness Passwords - Illinois.gov · 3 Passwords Password Cracking Find weak passwords Verify the use of good passwords Characters (complex) Estimated time to crack 7 15

Documents
Passwords Issa

Passwords Issa

Documents
Digital Citizenshipdigitalcitizenshipsusd.weebly.com/uploads/7/8/6/6/78661500/__stud… · 1 powerful passwords dos and don’ts of powerful passwords powerful passwords / student

Digital Citizenshipdigitalcitizenshipsusd.weebly.com/uploads/7/8/6/6/78661500/__stud… · 1 powerful passwords dos and don’ts of powerful passwords powerful passwords / student

Documents
Psychology of Passwords: Neglect is Helping Hackers Win · a hacker could guess one of their passwords from information shared on social media would update the password for that account

Psychology of Passwords: Neglect is Helping Hackers Win · a hacker could guess one of their passwords from information shared on social media would update the password for that account

Documents
Passwords 101

Passwords 101

Technology
09 passwords

09 passwords

Technology
Perfect Passwords

Perfect Passwords

Documents
Passwords - Web viewLogins and Passwords. ... Help your power of attorney ... last person if you did not leave a list of logins and passwords to access your electronic devices and

Passwords - Web viewLogins and Passwords. ... Help your power of attorney ... last person if you did not leave a list of logins and passwords to access your electronic devices and

Documents
Protecting Passwords

Protecting Passwords

Technology
Passwords presentation

Passwords presentation

Documents
Passwords, Passwords and more Passwords

Passwords, Passwords and more Passwords

Technology
Hacking of Passwords in Windows Environment

Hacking of Passwords in Windows Environment

Documents
Secure Management of Privileged Passwords

Secure Management of Privileged Passwords

Technology
Passwords, Passwords, Passwords - MemberClicks · Most common passwords of 2017 1. 123456 2. 123456789 3. qwerty 4. 12345678 5. 111111 6. 1234567890 7. 1234567 8. password 9. 123123

Passwords, Passwords, Passwords - MemberClicks · Most common passwords of 2017 1. 123456 2. 123456789 3. qwerty 4. 12345678 5. 111111 6. 1234567890 7. 1234567 8. password 9. 123123

Documents
Beyond Passwords - University of Washington

Beyond Passwords - University of Washington

Documents
Passwords and You CREATING AND MAINTAINING SECURE PASSWORDS

Passwords and You CREATING AND MAINTAINING SECURE PASSWORDS

Documents
Passwords Everywhere

Passwords Everywhere

Documents
Updating Secondary Students Passwords & Challenge Questions...Updating Secondary Students Passwords & Challenge QuestionsAudience: Secondar y Students Purpose:Updating passwords and

Updating Secondary Students Passwords & Challenge Questions...Updating Secondary Students Passwords & Challenge QuestionsAudience: Secondar y Students Purpose:Updating passwords and

Documents
25 Worst Passwords of 2011

25 Worst Passwords of 2011

Documents
Kanishka_3D Passwords

Kanishka_3D Passwords

Education
Codebits 2011 - The end of passwords

Codebits 2011 - The end of passwords

Technology
Chapter 7 Passwords - cdn.ttgtmedia.comcdn.ttgtmedia.com/.../HackingforDummiesCh07.pdf · Chapter 7 Passwords ... Therefore, passwords are one of the weakest links in ... This includes

Chapter 7 Passwords - cdn.ttgtmedia.comcdn.ttgtmedia.com/.../HackingforDummiesCh07.pdf · Chapter 7 Passwords ... Therefore, passwords are one of the weakest links in ... This includes

Documents
Usability and Psychology - Drexel CCIgreenie/cs475/CS475-13-02.pdf · Usability and Psychology (2) • 1980s concerns with passwords: technical (crack /etc/ passwd, LAN sniffer, retry

Usability and Psychology - Drexel CCIgreenie/cs475/CS475-13-02.pdf · Usability and Psychology (2) • 1980s concerns with passwords: technical (crack /etc/ passwd, LAN sniffer, retry

Documents