Using a complex password may not be enough to protect consumers if they insist on using the same combination to cover too many accounts. According to a recent survey by fraud-detection company CSID, six out of 10 consumers use the same limited set of passwords in all their web activity, even though doing so potentially raises the risk of a data security breach.
According to the survey, 54 percent of respondents had five passwords or fewer, and 44 percent changed their passwords once a year or less. As a result, compromising a single website could grant a hacker access to a range of user accounts.
An easily overlooked problem
Having a complex password is only one part of data protection best practices. Many consumers do not realize that reusing the same login information can be dangerous, according to CSID CIO Adam Tyler. Yet 21 percent of survey respondents had experienced an online account breach.
The worst offenders are users under the age of 24. More than half of respondents claimed memorization was an issue driving password reuse, which PCWorld noted may signal a lack of familiarity with, or trust in, password vault services such as LastPass or DirectPass.
Many users reported that they regularly access fewer than half a dozen sites, which might have been a factor in the limited number of passwords being used. Nonetheless, consumers can take certain steps to make managing multiple passwords an easier and more secure process regardless of the number of passwords they are using.
Tips for creating secure passwords
The first step in securing online accounts, according to experts, is adopting a secure password that is longer than 10 characters. A recent Trend Micro guide laid out several other tips for a secure password:
- Longer is better, as is random
- Replacing letters with numbers or punctuation marks is recommended
- Consumers should use nonconsecutive numbers and avoid using personally identifiable numbers such as a birthday
- A three-word nonsensical “passphrase” can offer more security than a simple password
- Users should never reuse passwords and should instead take the time to create a unique password for each online account
Yet, as the CSID study showed, a secure password is just the beginning. It can be important to follow other management tips to keep data safe across multiple accounts.
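The two measurable rules above (longer than 10 characters, never reused) can be checked against a list of a user's own credentials. The following is an added example, not part of the original article or any Trend Micro or CSID tool; the account names, passwords, and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

MIN_LENGTH = 11  # the article's rule: "longer than 10 characters"

# Constructed sample data: (account, password) pairs, not real credentials.
SAMPLE = [
    ("mail.example", "Tr0ub4dor&3x!"),
    ("shop.example", "Tr0ub4dor&3x!"),
    ("forum.example", "Tr0ub4dor&3x!"),
    ("bank.example", "correct-horse-battery"),
    ("news.example", "summer12"),
    ("photos.example", "summer12"),
]

def audit(credentials):
    """Return (reused, too_short): groups of accounts sharing a password, and short ones."""
    key = secrets.token_bytes(32)  # per-run key, so digests cannot be matched across runs
    groups = defaultdict(list)
    too_short = []
    for account, password in credentials:
        # Group by keyed digest so plaintext passwords never become dictionary keys.
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[digest].append(account)
        if len(password) < MIN_LENGTH:
            too_short.append(account)
    reused = sorted(sorted(g) for g in groups.values() if len(g) > 1)
    return reused, sorted(too_short)

def exposed_by_breach(reused, breached_account):
    """Other accounts that share the breached account's password."""
    for group in reused:
        if breached_account in group:
            return [a for a in group if a != breached_account]
    return []

if __name__ == "__main__":
    reused, too_short = audit(SAMPLE)
    for group in reused:
        print("shared password:", ", ".join(group))
    print("too short:", ", ".join(too_short))
    print("exposed if shop.example is breached:", exposed_by_breach(reused, "shop.example"))
```

Each reuse group shows how far a single site compromise would spread, which is the risk the survey describes.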
Managing multiple passwords
In addition to creating secure passwords, it is important to lock down other parts of online account security, and it is critical that users be able to keep track of the passwords they have created.
Trend Micro’s guide offered a range of other tips for managing passwords beyond basic security measures. Users should be creative when selecting their account’s initial security questions and consider choosing answers that are out-of-context. Avoiding phishing by not clicking on suspicious links is important as well.
One critical way to manage passwords is by reducing digital clutter in the form of unused accounts that are no longer needed. This approach disposes of overlooked vulnerabilities. Regularly patching and upgrading software is also an important way of staying up to date against threats.
Consumers can limit what they share on social networks in order to avoid exposing private information that could make it easier for hackers to guess passwords or answers to security questions.
One of the most useful tools is a password manager service, such as Trend Micro’s DirectPass, which can keep track of credentials across multiple online accounts. Users only need to remember one master password to access the service before sitting back and allowing the software to generate and securely store unique and extremely complex combinations for each account. As a result, users can strike a balance between the hassle of remembering potentially dozens of lengthy passwords and the danger that could come from recycling a few simple combinations.
Data Security News from SimplySecurity.com by Trend Micro