An August Beyond Identity report takes a look at people's password protection habits as well as their tendencies to guess other folk's passwords.
In recent months, a slew of cyberattacks has hamstrung critical aspects of U.S. infrastructure including domestic meat and petroleum production as network security concerns take center stage amid soaring ransomware payouts. Last month, Beyond Identity published the results of a survey highlighting password protection habits, office password "guessing games" and more. Apparently, many people are just using the names of their pets, children and, at times, even their own names to protect their online accounts.
Perceived password safety and breaches
A portion of the Beyond Identity survey asked respondents which of their various account passwords they perceived to be safe. Overall, people believed their online banking account passwords were the safest (68.8%), followed by "work-related" (67.3%) and crypto wallets (63.2%) passwords. In order, personal email (61.8%), phone (55.8%), video streaming (47.5%) and music streaming (46.8%) passwords round out the list.
SEE: Security incident response policy (TechRepublic Premium)
At a minimum, about half of the respondents felt these accounts were safe, but which of these accounts have been hacked or compromised? According to Beyond Identify, 23.1% of respondents said their personal email account had been compromised or hacked, followed by video stream (19.9%), online banking (17.9%), music streaming (17.0%) and work-related accounts (16%), in order.
A password "guessing game"
In the digital age, much of our online activity is guarded beyond myriad personal and shared passwords from Netflix accounts to smartphone access. That said, a portion of the Beyond Identity findings detail a cybersecurity "guessing game," asking respondents to identify other people's accounts they've attempted to unlock using guessed passwords. Unsurprisingly, romantic partners topped the list for 51.6% of respondents, while passwords belonging to parents (40.2%) and children (24.6%) rounded out the top three.
Interestingly, the password guessing game extends beyond the nuclear family and enters the workspace for many respondents. About one in five respondents said they'd tried to guess the password of a coworker (21.7%) or their boss (19.9%), according to Beyond Identity, with other top answers including the passwords belonging to an "ex-partner" (19.9%), friend (19.1%) and sibling (17%). Over one-third of respondents said they'd tried to guess another person's password and 73.3% of these individuals have been successful in doing so, the blog said.
SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
In general, many people said they'd attempted to guess the passwords of coworkers and other people in their familial and social circles, but what accounts were these passwords associated with? Just under half of the respondents (43.7%) were attempting to "guess" or "discover" the password associated with another person's personal email account, according to Beyond Identity, with other top accounts and devices including phones (32.6%), video (30.2%) and music (28.1%) streaming services, work accounts (26.6%) and online banking accounts (23.1%).
To determine these passwords, 39.2% of respondents said they used the information they "knew about the person" and 18.4% checked social media platform profiles, according to the blog. Other reported strategies used to guess these passwords include "checking personal files/records" (15.6%), simply asking other people (friends and loves ones) for this information (12.8%) or "answering a hint/security question" (9.2%).
Password tendencies: Pets, birthdays and random letters
The survey findings also shine a light on the various approaches people take when crafting a password. The "composition of a generic password" consists of random letters for 37% and 30.7% of people use "random characters replacing letters," according to the blog, but pet names (27.4%), birth years (21.1%), children's names (20.4%) as well a person's own name (18.7%) were also top answers.
Password generators are a popular option for people looking to automatically create a secure online credential. Interestingly, the survey findings underline demographic differences among age groups, their likelihood to use a password generator and the accounts these groups are most likely to protect with these generated credentials. For example, only half of Baby Boomers have "used a password generator" and Generation X was the "most likely" of these groups to use password generators to craft a password for their online banking accounts, according to Beyond Identity.
One-quarter of millennials tap generators when creating passwords for social media platforms and Generation Z was "most likely" to leverage password generators for their cryptocurrency wallet accounts, the post said.
Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and ThursdaysSign up today
- The top keywords used in phishing email subject lines (TechRepublic)
- Security threats on the horizon: What IT pro's need to know (free PDF) (TechRepublic)
- Checklist: Securing digital information (TechRepublic Premium)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)